We are the vendor of a Software as a Service (SaaS).
One of our client's customers cannot access our SSL-encrypted webpage and receives the error from their gateway of "The SSL handshake could not be performed".
They have worked around it by getting out their mobile and using that instead to access us, but of course I would like to remedy any worries the gateway may have.
I have googled about but cannot find any recent posts on the subject. Our client's customer thinks it may be to do with the new POODLE vulnerabilities found yesterday (8th Dec 14). To that end I tested our URL with the following sites (one McAfee and one independent) and got a clean bill of health. What else should I be checking? (In the light of SHA-2 we are using reissued certificates and have disabled SSL3.)
I can suggest that you fetch your site in SSL Scanner. I cannot say that it is the best way to solve the problem you have, but it works.
SSL Scanner is a new tool to me; there doesn't seem to be anything obvious, except at the bottom it says:
unable to get local issuer certificate
The exception mentioned above should work if MWG is not happy with the certificate provided by the server. However, "SSL Handshake Failed" is a failure that can happen before the checks for the certificate take place. In SSL Scanner -> Handle CONNECT Request you find a rule "Tunneled Hosts". If you specify the host where your site is hosted in this list, MWG will not try to intercept the connection, so that client and server basically perform the handshake directly. Otherwise the client will talk to MWG and MWG will make an independent SSL handshake with the server.
Maybe this would be a good approach to prevent MWG from touching anything.