Invalid TLS version in request connection 40304

jetb2 · ‎10-17-2023

Like everyone else we received the notification from Duo Support that we had 'something' that would fail because it wasn't TLS 1.2. They were unhelpful in they couldn't tell us what that was. Now we're receiving a slow moving error logging in on all our workstations. It's usually 1-2 everyday. We simply tell them to click Switch User and log on as normal. I just don't know what's causing the error: Invalid TLS version in request connection [40304]

We only use Duo Authentication for Windows Logon x64, .v 4.2.0.1263 and v. 4.2.2.1755. These are all windows workstations running the latest version of Windows 10. They all connect back to the Duo mothership.

I have no idea what could be causing the error.

DuoKristina · ‎10-26-2023

I'm sorry the notifications we sent you weren't useful. Did you review this guide? https://help.duo.com/s/article/7546

We aren't just raising the minimum TLS version required to comunicate with our service, we're also dropping support for less secure ciphers. In some cases, this means we're dropped support for a weak cipher that can be used with TLS 1.2. We have been seeing support cases where the Windows client systems were using TLS 1.2 but were also using a weak cipher and then started failing the SSL negotiation.

If you log into the Duo Admin Panel and look under "Reports" do you see the "TLS and Cipher Log" report? This report shows use of TLS versions and ciphers by your clients.

Did you actually contact Duo Support to open a case? The support engineers can search for use of unsupported ciphers in requests to your API host.

Duo, not DUO.