I've failed to find much solid information on how to troubleshoot handshake failures with HTTPS sites through MWG, and we've encountered a couple of sites recently that have us stumped. I've tried every reasonable combination of ciphers I know to use, and I've confirmed that the sites don't have unreasonably strict or loose requirements, yet through our proxies we get handshake failure errors no matter what if we have certificate validation enabled.
One specific and easy example is:
Any guidance would be greatly appreciated!
Ugh. I didn't find anything on this issue a few weeks ago, so I didn't think to search again before posting this today. I just realized that this same issue is being discussed in the thread . Unfortunately what appears to be a fix in 188.8.131.52 is a setting not yet available to me in 7.6.2, so I'll look through the release notes of 7.6.x updates to see if it's covered anywhere yet.
I guess the point is to fallback also to TLS1.0. This help us even on 184.108.40.206
So first, try to handshake with TLS1.2 and TLS1.1 and TLS1.0. When handshake fails, try to fallback again to TLS1.0 :-)