{"id":27036,"date":"2022-10-18T11:41:21","date_gmt":"2022-10-18T09:41:21","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=27036"},"modified":"2022-10-18T11:41:21","modified_gmt":"2022-10-18T09:41:21","slug":"sonderupdates-fr-windows-fixen-ssl-tls-verbindungsproblem-auch-bei-citrix-17-oktober-2022","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2022\/10\/18\/sonderupdates-fr-windows-fixen-ssl-tls-verbindungsproblem-auch-bei-citrix-17-oktober-2022\/","title":{"rendered":"Out-of-band updates for Windows fixes SSL-\/TLS connection issues (also with Citrix) – October 17, 2022"},"content":{"rendered":"

\"Update\"[German<\/a>]As of October 17, 2022, Microsoft has released an unscheduled update KB5020387 for Windows 11 21H2. This update fixes a connection problem that can occur with SSL and TLS connections. All Windows client and server versions that are still in support are probably affected by this problem. The update also fixes a connection issue with Citrix clients that I just reported on.<\/p>\n

<\/p>\n

\"\"Since September 2022 I received reports about issues with SSL and TLS connections on Windows. I had warned about this potential issue in the blog post Windows 10: Beware of a possible TLS disaster on October 2022 patchday<\/a> . There has been a user report, that the optional, cumulative (preview) update KB5017380 from September 2022 (Windows 10 20H2-21H2 Preview Update KB5017380 (Sept. 20, 2022)<\/a>). There, TLS 1.0 and 1.1 are disabled for certain Windows versions. <\/p>\n

My interpretation was, that this may be the root cause, but there seems to be another bug shipped with October 2022 security updates. I have had two blog posts about issues:<\/p>\n

Citrix connections broken after Windows update KB5018410 (October 2022) (TLS problem)<\/a>
Bug: Outlook no longer connects to the mail server (October 2022)<\/a>  <\/p>\n

And Microsoft has released accidential the September 2022 preview update to WSUS (see WSUS chaos: Preview updates for Windows and Net withdrawn as superseded on 9\/21\/2022<\/a>)<\/a>. But I don't know, whether this has an effect on the current report. Nevertheless, German blog reader commented on my blog post Citrix-Verbindungen nach Windows-Update KB5018410 (Oktober 2022) gest\u00f6rt (TLS-Problem)<\/a>, that this issue has been fixed with the out-of-band Windows updates dates October 17, 2022. <\/p>\n

Out-of-band fixes for SSL-\/TLS connection issues<\/h2>\n

Then, as of October 17, 2022, Microsoft posted SSL\/TLS handshake might fail<\/a> in the \"Known issues\" section of the Windows 10 Release Health status page<\/a> (and also for Windows 11<\/a> and for Windows Server 2022<\/a>). There, Microsoft confirms that it has received reports that handshake errors may occur after installing KB5018410 (for Windows 11 21H2) for some types of Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections.<\/p>\n

\n

For developers, there is an indication that the affected connections are likely sending multiple frames within a single input buffer, that is, one or more full records with a partial record that is less than 5 bytes, all sent in a single buffer. If this problem occurs, your application will receive SEC_E_ILLEGAL_MESSAGE if the connection fails.<\/p>\n<\/blockquote>\n

The affected entry can be found for various Windows versions. Here is the list of updates for the affected Windows versions:<\/p>\n