We have a group working with an AWS service that we haven't used before (though many others are in use), and it just can't seem to get off the ground.
We've resorted to packet traces for understanding the breakdown.
Here's a summary:
The thing is, there is no SSL inspection/intercept.
AWS support says that packet traces on working systems show the Client Hello going out about 180ms after the socket is established.
All of the proxy timeouts in the configuration are 10 seconds or more.
Is there a setting we need to know about here--a hidden timeout for SSL/TLS that applies when there is no SSL inspection/intercept?
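One way to pull the Client Hello timing out of a trace and compare it with a proxy timeout, as an added example (not from the original thread). It assumes packets have already been decoded into a list with a direction label, that the capture starts at the client's SYN, and a constructed sample trace stands in for the real one:

```python
"""Measure the gap between TCP establishment and the TLS Client Hello in a
decoded packet trace, and compare it with a proxy's idle timeout."""
from dataclasses import dataclass
from typing import List, Optional

TLS_HANDSHAKE = 0x16   # TLS record content type: Handshake
CLIENT_HELLO = 0x01    # Handshake message type: ClientHello


@dataclass
class Packet:
    ts: float             # capture timestamp in seconds
    src: str              # "client" or "server" (direction only; constructed)
    flags: str            # TCP flags as letters, e.g. "SA" for SYN+ACK
    payload: bytes = b""  # TCP payload, empty for pure control segments


def is_client_hello(payload: bytes) -> bool:
    """True if the payload starts with a TLS Handshake record carrying a ClientHello."""
    # Record header is type(1) version(2) length(2); handshake type follows at byte 5.
    return (len(payload) >= 6 and payload[0] == TLS_HANDSHAKE
            and payload[1] == 0x03 and payload[5] == CLIENT_HELLO)


def client_hello_delay(trace: List[Packet]) -> Optional[float]:
    """Seconds from the client's handshake-completing ACK to its first ClientHello.
    Returns None if either event is absent (assumes the trace begins at the SYN)."""
    established = None
    for p in trace:
        if established is None:
            if p.src == "client" and p.flags == "A" and not p.payload:
                established = p.ts          # third segment of the 3-way handshake
        elif p.src == "client" and is_client_hello(p.payload):
            return round(p.ts - established, 6)
    return None


def exceeds_timeout(delay: Optional[float], timeout_s: float) -> bool:
    """Would a proxy with this idle timeout give up before the ClientHello arrives?"""
    return delay is not None and delay > timeout_s


# Constructed sample: 3-way handshake, then a ClientHello 180 ms after it completes.
SAMPLE_TRACE = [
    Packet(0.000, "client", "S"),
    Packet(0.020, "server", "SA"),
    Packet(0.020, "client", "A"),
    Packet(0.200, "client", "PA", bytes([0x16, 0x03, 0x01, 0x00, 0xC4, 0x01, 0x00, 0x00, 0xC0])),
]

if __name__ == "__main__":
    d = client_hello_delay(SAMPLE_TRACE)
    print(f"ClientHello delay: {d * 1000:.0f} ms; exceeds 10 s proxy timeout: {exceeds_timeout(d, 10.0)}")
```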
Open an SR with McAfee about the SSL handshake error. They will certainly require a Rule Engine Trace (see here) and Connection Tracing (GUI->Configuration->Troubleshooting->Enable Connection Tracing; results are at GUI->Troubleshooting->Connection Tracing).
Typically, you'll get a technically sound answer quite fast from them.
If there is no SSL interception, I don't think we'd send a handshake failure back to the client.
I'm guessing that MWG might be performing the handshake instead of the client (this happens when "Enable cert verification" is enabled).
Have you tried a client IP bypass at the very top of the rules as a test?