1 Reply Latest reply on Nov 9, 2014 8:07 PM by btlyric

    SSL handshake failed block page and logging

    msiemens

      When we made the configuration changes to disable SSLv3 in MWGv7, our users started getting more "Handshake failed" block pages.

       

      Can someone tell me how and where the "Handshake failed" block page is triggered? I'm thinking it must be in the Error Handler but I haven't been able to figure it out. The footer says that the rule name is "Dynamic Content Classifcation ) Dynamic Content Classifcation)" but that doesn't seem to make any sense.

       

      Also, how and where are these events logged? I suspect that the user may not see or report all of these events and I'd like to be able to track it down in a log file.

       

      Thanks for your help,

      Mike

        • 1. Re: SSL handshake failed block page and logging
          btlyric

          If you are using the default log settings, these entries will be logged in the access.log with a Response.StatusCode of 500.

           

          If you add the property Message.TemplateName to that log, you will see entries that have "handshakefailed" for the Message.TemplateName value.

           

          The handshake failed page is an internal proxy page which you can view by accessing the Edit functionality for any block page and then looking under the File System section for the handshakefailed.html file.

           

          Based on how I've seen MWG behave, MWG retrieves the server's certificate when you enable certificate verification. If MWG cannot negotiate the appropriate protocol values with the remote server, the connection will fail with a handshake failed message.

           

          You could set up a custom log handler that triggers off Message.TemplateName = "handshakefailed" and have it generate entries that include whatever information you're interested in. For example:

           

          2014-11-09 20:57:57,500,HTTP,sodexhoinfo-usa.com,65.213.127.243,handshakefailed,GET,error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number,CERTVERIFY TLSv1,https://sodexhoinfo-usa.com/ 

           

          Sample rule set attached.
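
An added example, not part of the original reply or of any MWG rule set: a Python sketch that summarizes handshake failures per destination from a custom log in the comma-separated layout of the sample line above. The column names, and every sample line except the first, are assumptions constructed for illustration.

```python
from collections import Counter

# Column names are assumptions inferred from the sample line in the reply;
# the reply does not name the fields of the custom log.
FIELDS = ["timestamp", "status", "protocol", "host", "dest_ip", "template",
          "method", "ssl_error", "ssl_context", "url"]

# Constructed sample input: the first line is the one quoted in the reply, the
# others are made-up lines in the same layout (placeholder hosts and template).
SAMPLE_LOG = """\
2014-11-09 20:57:57,500,HTTP,sodexhoinfo-usa.com,65.213.127.243,handshakefailed,GET,error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number,CERTVERIFY TLSv1,https://sodexhoinfo-usa.com/
2014-11-09 21:02:11,500,HTTP,legacy.example.com,192.0.2.10,handshakefailed,GET,error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number,CERTVERIFY TLSv1,https://legacy.example.com/a,b
2014-11-09 21:03:40,403,HTTP,other.example.net,198.51.100.7,othertemplate,GET,,,http://other.example.net/
truncated,line
"""

def parse_line(line):
    """Split one log line into a dict, or return None if it is malformed."""
    # maxsplit keeps commas inside the URL (the last column) intact.
    parts = line.rstrip("\n").split(",", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))

def openssl_reason(ssl_error):
    """Return the reason text, the last colon-separated part of an OpenSSL error."""
    return ssl_error.rsplit(":", 1)[-1] if ssl_error.startswith("error:") else ssl_error

def summarize(lines):
    """Count handshake failures per (host, reason) and count malformed lines."""
    failures, skipped = Counter(), 0
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        elif rec["template"] == "handshakefailed" and rec["status"] == "500":
            failures[(rec["host"], openssl_reason(rec["ssl_error"]))] += 1
    return failures, skipped

if __name__ == "__main__":
    failures, skipped = summarize(SAMPLE_LOG.splitlines())
    for (host, reason), count in failures.most_common():
        print(f"{count:4d}  {host}  {reason}")
    print(f"skipped malformed lines: {skipped}")
```

Sorting the output by count shows which destinations fail most often after SSLv3 was disabled, including failures users never reported.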