Forum Discussion

rxbauer_80267's avatar
rxbauer_80267
Icon for Nimbostratus rankNimbostratus
Mar 20, 2019

server side ssl - handshake error

Using fastl4 - server works as expected.

 

Using standard 443- 8443 with no offload-server works as expected.

 

Using standard 443-8443 - with SSLoffload - fails on the serverside.

 

S>C HandshakeError: short handshake length: expected 27322 got 16380

 

S>C HandshakeError: short handshake length: expected 394069 got 10942

 

  • Using fastl4 - server works as expected.

     

    Using standard 443- 8443 with no offload-server works as expected.

     

    Using standard 443-8443 - with SSLoffload - fails on the serverside.

     

    New TCP connection 3: 172.16.33.170(8503) <-> 172.16.61.240(8443) 3 1 0.0015 (0.0015) C>S Handshake ClientHello Version 3.3 cipher suites TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL extensions supported_groups ec_point_formats signature_algorithms extended_master_secret 3 2 0.0021 (0.0005) S>C Handshake ServerHello Version 3.3 session_id[32]= 63 01 f6 ce 06 8f 44 aa 46 4b d7 45 d2 90 8f 36 4c 49 ad f9 81 32 b4 ba 85 f1 c5 df 2c 3f e5 7e cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 compressionMethod NULL extensions renegotiation_info ec_point_formats 3 3 0.0036 (0.0014) S>C Handshake Certificate 3 4 0.0036 (0.0000) S>C Handshake ServerKeyExchange 3 5 0.0049 (0.0013) S>C HandshakeError: short handshake length: expected 27322 got 16380 3 6 0.0057 (0.0008) S>C HandshakeError: short handshake length: expected 394069 got 10942 3 7 0.0066 (0.0008) C>S Alert level fatal value handshake_failure 3 0.0067 (0.0001) C>S TCP RST
    • GanesanPakkirisamy's avatar
      GanesanPakkirisamy
      Icon for Nimbostratus rankNimbostratus

      i am also facing the same issue in our environment. can you please share how you fixed this issue, Thanks in advance.

  • M_2's avatar
    M_2
    Icon for Altocumulus rankAltocumulus

    Did you try attaching both clientssl and serverssl (since 8443 looks like ssl port) profiles to the virtual ? if still issue persist you may try checking server side ciphers.