cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Problem of SSL handshake with login.live.com

Dear All,

We are facing problem of SSL handshake when attempting to open 'hotmail.com' or 'outlook.com' there is error message for 'login.live.com', this started from 1st jan 2015, before that it was fine. I need your help to fix this. Please see attached screen shot of error message.

handshake_hotmail.jpg

Waiting for response.

Regards,

Wajeeh

7 Replies

Re: Problem of SSL handshake with login.live.com

Dear All,

No Response from any one for above, Please assist.

thanks,

Wajeeh

Re: Problem of SSL handshake with login.live.com

Hello Wajeeh,

you have to add the website that showing this error message to tunneled  hosts from SSL Scanner.

Anas

Re: Problem of SSL handshake with login.live.com

Dear Anas,

Thanks for your response. I need to ask you why it is required to add the above site to tunneled hosts now ? From last two years this site was working find from the same gateway. It is the hotmail website which goes to 'login.live.com'

It only started giving above error from last Thursday. Can you please give me any detail relating to this why all of a sudden we need to add this site in order to get it work normally.

Thanks,

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 8

Re: Problem of SSL handshake with login.live.com

Hi Wajeeh,

Have you followed the POODLE guide?

A lot of servers are now rejecting handshakes if they include SSLv3.

Best Regards,

Jon

Re: Problem of SSL handshake with login.live.com

Hello Jon,

Support engineer from McAfee did the following change in our 'default certificate verification' under SSL, they unchecked alternative handshake 'TLS 1.2' while for initial request 'TLS 1.2 is checked', now we checked 'login.live.com', it is working

They advised it should be like this.

Thanks,

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 8

Re: Problem of SSL handshake with login.live.com

Hello,

The problem is specific to a particular type of webserver software (Microsoft-HTTPAPI/2.0) AND their implementation of the AES GCM cipher.

Please use the workaround from my screenshot.

SSL_TLS1.2-error.jpg

Regards,

Stefan

Level 9
Report Inappropriate Content
Message 8 of 8

Re: Problem of SSL handshake with login.live.com

Update!

The problem with login.live.com was not a result of the server attempting to use ciphers not supported by MWG.

The problem was a result of the server's implementation of the AES GCM cipher. This problem has since been corrected by the login.live.com server team.

It is still MWG support's recommendation to follow the Poodle Best Practice Guide:

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community