Forum Discussion

Scrapper_38438's avatar
Scrapper_38438
Icon for Nimbostratus rankNimbostratus
Jan 06, 2015

SSL Handshake error

I have one of my VIP configured to use SSL profile, ssl handshake is failing. I have tried using default ciphers and also tried using All ciphers but still the handshake is failing.

Here is the tcp dump.

 New TCP connection 1: 10.xx.xx.254(3990) <-> xx.xx.xx.131(443)
1    0.2331 (0.2331)  C>S  TCP RST
New TCP connection 2: 10.xx.xx.254(30154) <-> xx.xx.xx.131(443)
2    0.2337 (0.2337)  C>S  TCP RST
New TCP connection 3: 10.xx.xx.253(40997) <-> xx.xx.xx.131(443)
3 1  0.2318 (0.2318)  C>S  Handshake
      ClientHello
        Version 3.3
        cipher suites
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xc028
        Unknown value 0xc014
        Unknown value 0xc027
        Unknown value 0xc013
        Unknown value 0xc012
        Unknown value 0xff
        compression methods
                  NULL
3 2  0.4649 (0.2331)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          f6 2f cf 54 10 74 f3 07 70 88 39 b4 d2 3b af bb
          f7 bc d3 a4 e1 67 2e 80 60 39 59 43 e9 61 bf 22
        cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
        compressionMethod                   NULL
3 3  0.4650 (0.0000)  C>S  Alert
    level           fatal
    value           handshake_failure
3    0.4651 (0.0000)  C>S  TCP RST
  • Client version is latest 3.3, which means it is backward compatible, so it should support TLS version 1.0, however, I have tried disabling TLS 1.0 but it still fails to handshake.

     

    Any suggestion?