We are facing an SSL handshake problem when attempting to open 'hotmail.com' or 'outlook.com'; there is an error message for 'login.live.com'. This started on 1st Jan 2015; before that it was fine. I need your help to fix this. Please see the attached screenshot of the error message.
Waiting for response.
Thanks for your response. I need to ask you why it is required to add the above site to tunneled hosts now? For the last two years this site was working fine from the same gateway. It is the Hotmail website, which goes to 'login.live.com'.
It only started giving the above error last Thursday. Can you please give me any detail on why, all of a sudden, we need to add this site in order to get it to work normally?
A support engineer from McAfee made the following change in our 'default certificate verification' under SSL: they unchecked alternative handshake 'TLS 1.2', while for the initial request 'TLS 1.2' is checked. Now we checked 'login.live.com', and it is working.
They advised it should be like this.
The problem is specific to a particular type of webserver software (Microsoft-HTTPAPI/2.0) AND their implementation of the AES GCM cipher.
Please use the workaround from my screenshot.
The problem with login.live.com was not a result of the server attempting to use ciphers not supported by MWG.
The problem was a result of the server's implementation of the AES GCM cipher. This problem has since been corrected by the login.live.com server team.
It is still MWG support's recommendation to follow the Poodle Best Practice Guide: