cancel
Showing results for 
Search instead for 
Did you mean: 
RayP
Level 7

ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Hi All,

When a pc has the proxy configured within the webbrowser and they want to go to access a published application on a Citrix Web Interface (internal adres) they receive the following message.

Citrix
"Unable to launch your application. Contact your help desk with the following information: Cannot connect to the Citrix XenApp server. Protocol Driver error."

SSL Scanning is turned on by default.

When I turn of SSL Scanning, ICA is working. So the problem has something to do with SSL Scanning.

Some tracing log entries:

10:34:16.483: Accepted connection on 192.168.105.36:9090 from 172.16.0.130:59142

10:34:16.484: Received 193 bytes

>>>

CONNECT 10.90.1.140:2598 HTTP/1.0

Host: 10.90.1.140:2598

Accept:*/*

Connection: Keep-Alive

Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIogUABQAuAAAABgAGACgAAAAFASgKAAAAD0FWVzE0OUFWSUtP

<!--Title-->

<table class='titleTable' background='/mwg-internal/de5fs23hu73ds/files/default/img/bg_navbar.jpg'>

  <tr>

    <td class='titleData'>

      Handshake failed

    </td>

  </tr>

</table>

<!--/Title-->

<!--Content-->

<table class="contentTable">

  <tr>

    <td class="contentData">

      The SSL handshake could not be performed.

    </td>

  </tr>

</table>

<!--/Content-->

<!--Info-->

<table class="infoTable">

  <tr>

    <td class="infoData">

      <b>Host: </b>10.90.1.140<br />

      <b>Reason: </b>error:140760FCSmiley FrustratedSL routinesSmiley FrustratedSL23_GET_CLIENT_HELLO:unknown protocol

    </td>

  </tr>

</table>

<!--/Info-->

Who has the solution?

0 Kudos
1 Solution

Accepted Solutions
asabban
Level 17

Re: ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Try it this way:

Auswahl_329.png

0 Kudos
4 Replies
asabban
Level 17

Re: ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Hello,

RayP schrieb:


      <b>Reason: </b>error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol


This pretty much sounds like there is a problem in establishing an SSL connection to the remote end. Probably there is no real HTTPS traffic going through, but something that is tunneled within SSL. MWG won´t be able to read this. I believe an option would be to tunnel the SSL Decryption for this host, like adding 10.90.1.140 to the SSL Host Tunnel List.

For a more detailled analysis I think more data is required to find out what exactly is happening here. Maybe you can also file an SR for support?

Best,

Andre

0 Kudos
RayP
Level 7

Re: ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Hi Andre,

Thanks for your reply.

It's not just 10.90.1.140. The IP address is randomly chosen. The servers are in a complete range of 10.90.1.* /24

Can I put a IP range in a SSL Host Tunnel List?

Regards,
Ray

0 Kudos
asabban
Level 17

Re: ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Try it this way:

Auswahl_329.png

0 Kudos
RayP
Level 7

Re: ICA and McAfee Web Gateway 7.1.0.5.0 "The SSL handshake could not be performed" "SSL routines:SSL23_GET_CLIENT_HELLO"

Jump to solution

Hi Asabban,

Yes it worked..thanks

Regards,

Ray

0 Kudos