Some web apps might not work after installing the June (or July) 2016 Cumulative Update for Windows 10.

Problem

After installing June (KB3163018) or July (KB3172985) cumulative updates for Windows 10 a specific web app was broken, when browsing to it in Internet Explorer 11 or Edge lead to ”The page can’t be displayed”.

Investigation

Looking at the System log in Event Log showed Schannel errors:

A fatal alert was generated and sent to the remote endpoint. This may result in the termination of the connection. The TLS protocol defined fatal error code 40. The Windows SChannel error state is 808.

Doing a network trace showed that the web app server negotiated the TLSCipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA.

Cause

Windows as of update https://support.microsoft.com/en-us/kb/3061518 no longer support ciphers with 512-bits. Note that this KB was released in May 2016 but not anywhere stated to affect Windows 10. Nothing related to these changes points to Windows 10, but as we can conclude, these changes are introduced with June 2016 CU for Windows 10 (and thereby carried forward to July CU and any other CU to come).

Workaround

Use the workaround described in the registry section workaround in https://support.microsoft.com/en-us/kb/3061518 to go back to the 512-bits settings.

Solution

Make necessary server configuration changes to support the better ciphers.