wajeeh_r
Level 9

Problem of SSL handshake with login.live.com

Dear All,

We are facing an SSL handshake problem when attempting to open 'hotmail.com' or 'outlook.com'; there is an error message for 'login.live.com'. This started on 1st Jan 2015; before that it was fine. I need your help to fix this. Please see the attached screenshot of the error message.

handshake_hotmail.jpg

Waiting for response.

Regards,

Wajeeh

0 Kudos
7 Replies
wajeeh_r
Level 9

Re: Problem of SSL handshake with login.live.com

Dear All,

No response from anyone to the above. Please assist.

Thanks,

Wajeeh

0 Kudos
anas.ismail
Level 9

Re: Problem of SSL handshake with login.live.com

Hello Wajeeh,

You have to add the website that is showing this error message to the tunneled hosts from SSL Scanner.

Anas

0 Kudos
wajeeh_r
Level 9

Re: Problem of SSL handshake with login.live.com

Dear Anas,

Thanks for your response. I need to ask you why it is required to add the above site to tunneled hosts now? For the last two years this site was working fine from the same gateway. It is the Hotmail website, which goes to 'login.live.com'.

It only started giving the above error last Thursday. Can you please give me any detail on why, all of a sudden, we need to add this site in order to get it to work normally?

Thanks,

McAfee Employee

Re: Problem of SSL handshake with login.live.com

Hi Wajeeh,

Have you followed the POODLE guide?

A lot of servers are now rejecting handshakes if they include SSLv3.

Best Regards,

Jon

wajeeh_r
Level 9

Re: Problem of SSL handshake with login.live.com

Hello Jon,

A support engineer from McAfee made the following change in our 'default certificate verification' under SSL: they unchecked 'TLS 1.2' for the alternative handshake, while for the initial request 'TLS 1.2' is checked. Now we checked 'login.live.com' and it is working.

They advised it should be like this.

Thanks,

McAfee Employee

Re: Problem of SSL handshake with login.live.com

Hello,

The problem is specific to a particular type of webserver software (Microsoft-HTTPAPI/2.0) AND their implementation of the AES GCM cipher.

Please use the workaround from my screenshot.

SSL_TLS1.2-error.jpg

Regards,

Stefan

dshock
Level 9

Re: Problem of SSL handshake with login.live.com

Update!

The problem with login.live.com was not a result of the server attempting to use ciphers not supported by MWG.

The problem was a result of the server's implementation of the AES GCM cipher. This problem has since been corrected by the login.live.com server team.

It is still MWG support's recommendation to follow the Poodle Best Practice Guide:

0 Kudos