Hello, I believe Erlang SSL and Microsoft IIS have had some incompatibilities for some time (IIRC, since Erlang 18.3.3). The cause is described in this snippet from the Erlang Mailing List: There are some TLS servers on the internet (Microsoft IIS) that have a > very strict reading of the tls1.2 rfc (rfc5246 - > https://tools.ietf.org/html/rfc5246) and if they have a certificate > which is incompatible with the default signature_algs then they will > kill the connection. Now people are starting to roll out SHA-256 bit > certs but SHA-256 certs are not compatible with the default > signature_algs. When we try to connect to these servers with tls1.2 > the server will close the connection after the client hello. This has caused us and other Erlang users some difficulties when trying to send HTTPS requests to application's running on Microsoft IIS. The best solution we've found so far is to explicitly set the TLS version as being 1.2. However, this is not optimal for our needs since we've got no way of knowing before hand if the server we're talking to supports TLS 1.2 and we must support the widest array of servers possible. Are there any recommendations on what approach we should have to achieve the same compatibility when dealing with *possible* Microsoft IIS servers? I'll leave below some more resources on this http://erlang.2086793.n4.nabble.com/Different-SSL-behaviours-how-to-pick-ciphers-td4717756.html https://blog.voltone.net/post/9 http://erlang.org/pipermail/erlang-bugs/2016-September/005195.html http://erlang.org/pipermail/erlang-questions/2017-April/092035.html