cancel
Showing results for 
Search instead for 
Did you mean: 

SSL/TLS Handshake Failures with Certificate Validation

I've failed to find much solid information on how to troubleshoot handshake failures with HTTPS sites through MWG, and we've encountered a couple of sites recently that have us stumped. I've tried every reasonable combination of ciphers I know to use, and I've confirmed that the sites don't have unreasonably strict or loose requirements, yet through our proxies we get handshake failure errors no matter what if we have certificate validation enabled.

One specific and easy example is:

https://www.continuum.io

Any guidance would be greatly appreciated!

0 Kudos
2 Replies

Re: SSL/TLS Handshake Failures with Certificate Validation

Ugh. I didn't find anything on this issue a few weeks ago, so I didn't think to search again before posting this today. I just realized that this same issue is being discussed in the thread . Unfortunately what appears to be a fix in 7.5.2.9 is a setting not yet available to me in 7.6.2, so I'll look through the release notes of 7.6.x updates to see if it's covered anywhere yet.

0 Kudos
lubomir_cerny
Level 12

Re: SSL/TLS Handshake Failures with Certificate Validation

I guess the point is to fallback also to TLS1.0. This help us even on 7.5.2.8

So first, try to handshake with TLS1.2 and TLS1.1 and TLS1.0. When handshake fails, try to fallback again to TLS1.0 :-)

0 Kudos