BLZBNTBGS80000011 error no matter what I try

The Client/Server Hello negotiation requires the following Cipher suites to perform the TLS1.2 handshake: Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA & TLS_RSA_WITH_AES_256_CBC_SHA

If you have made your computer PCI compliant like I did, these suites will be disabled in your registry on the computer. Since the above Cipher suites are NOT PCI 4.0 compliant, your client will fail with the BLZBNTBGS80000011 error.

More details here: htt ps://www.schellman .com/blog/how-to-use-strong-protocols-and-cipher-suites-to-achieve-pci-dss-compliance for anyone who is interested

1. Open your client logs folder: %LOCALAPPDATA%\Battle.net\Logs
2. Look for a log starting with the name battle.net- .log and open it in notepad
3. Search for either of the following logs within:

• [BNLogin] {Main} Internal network error: 0 isNetworkError=false
• [BNLogin] {Main} Login failed. error=ERROR_INTERNAL (1)

If you see these errors, chances are you have the same problem as me. Otherwise, it’s back to the forums you go, as the following fix will likely not resolve your issue.

Download the following tool: htt ps://www.nartac.com/Products/IISCrypto/

(copy + paste and then remove the space to use the link, I have not been granted link privileges yet)

When the tool has launched, go to templates, choose Best Practices, put a tick in the reboot box and click apply (Your PC will restart!)

Be aware this is likely to REDUCE the security measures you have put in place on the PC. However, as it is a GUI tool, you can review what it has changed by taking a screenshot of the Schannel and Cipher Suites before applying the Best Practices template. Just remember to uncheck reboot before you click apply to review the changes, and then reboot manually

Instead of posting PowerShell scripts, which might not be allowed, use the same tool and choose the PCI 4.0 template. Click apply and reboot. Afterward, re-launch the tool and go into Cipher Suites. Locate TLS_RSA_WITH_AES_256_CBC_SHA & TLS_RSA_WITH_AES_256_CBC_SHA, put a tick in the box, click apply, and reboot again.

Please refer to the original TLS details provided in the post. Make sure to share this information with Blizzard support if they require it to deploy a fix for the issue.

TLS Captures:

Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 68
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 64
Version: TLS 1.2 (0x0303)
Random: d3ac3f07d4de7fe0790dc22fee7429d53da4e0a5c1cef456ba2b8e486ba0a3fb
GMT Unix Time: Jul 14, 2082 19:55:03.000000000 GMT Summer Time
Random Bytes: d4de7fe0790dc22fee7429d53da4e0a5c1cef456ba2b8e486ba0a3fb
Session ID Length: 0
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Compression Method: null (0)
Extensions Length: 24
Extension: server_name (len=0)
Type: server_name (0)
Length: 0
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Extension: application_layer_protocol_negotiation (len=11)
Type: application_layer_protocol_negotiation (16)
Length: 11
ALPN Extension Length: 9
ALPN Protocol
ALPN string length: 8
ALPN Next Protocol: http/1.1
[JA3S Fullstring: 771,156,0-65281-16]
[JA3S: a22857bf22716efa49bdc8782b571fec]

Frame 29: 1506 bytes on wire (12048 bits), 1506 bytes captured (12048 bits) on interface \Device\NPF_{removed}, id 0
Ethernet II, Src: Ubiquiti_20:0d:2e ({removed}), Dst: Micro-St_6f:59:7d ({removed})
Internet Protocol Version 4, Src: 37.244.55.151, Dst: 192.168.1.15
Transmission Control Protocol, Src Port: 1119, Dst Port: 49780, Seq: 1, Ack: 148, Len: 1452
Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Server Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 57
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 53
Version: TLS 1.2 (0x0303)
Random: 30bd21118ae4a1904aa5cd22b19a8c48543f4befb5d0b10d444f574e47524401
Session ID Length: 0
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Compression Method: null (0)
Extensions Length: 13
Extension: renegotiation_info (len=1)
Extension: session_ticket (len=0)
Extension: extended_master_secret (len=0)
[JA3S Fullstring: 771,53,65281-35-23]
[JA3S: 1e93d30b7be389be4d850613b862a728]

Transport Layer Security
TLSv1.2 Record Layer: Handshake Protocol: Certificate
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 3039
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 3035
Certificates Length: 3032
Certificates (3032 bytes)
Certificate Length: 1764
Certificate: 308206e0308205c8a003020102021006a2b5b399c3b4a9e886b0b528317fd2300d06092a… (id-at-commonName=eu.actual.battle.net,id-at-organizationName=Blizzard Entertainment, Inc.,id-at-localityName=Irvine,id-at-stateOrProvinceName=Califor
signedCertificate
version: v3 (2)
serialNumber: 0x06a2b5b399c3b4a9e886b0b528317fd2
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 10 items
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 217949af737e0806bd6b4f8979888a84186f91e118620b8cea5aeda162dc919f3d104adb…
Certificate Length: 1262
Certificate: 308204ea308203d2a00302010202100a3508d55c292b017df8ad65c00ff7e4300d06092a… (id-at-commonName=DigiCert TLS RSA SHA256 2020 CA1,id-at-organizationName=DigiCert Inc,id-at-countryName=US)
signedCertificate
version: v3 (2)
serialNumber: 0x0a3508d55c292b017df8ad65c00ff7e4
signature (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
issuer: rdnSequence (0)
validity
subject: rdnSequence (0)
subjectPublicKeyInfo
extensions: 8 items
algorithmIdentifier (sha256WithRSAEncryption)
Algorithm Id: 1.2.840.113549.1.1.11 (sha256WithRSAEncryption)
Padding: 0
encrypted: 77abb77a273daebbf67fe05a56c984aaca5b7117dd2247fc4e9feed0c1a404e1a3ebc549…