5 Replies Latest reply on Aug 3, 2015 5:06 PM by Travler

    Problem with Google...?


      Starting yesterday, we've experienced intermittent problems with Google.  The page simply won't load.  If we uncheck our browser's pac file setting, the page will load, but if we then recheck it, the page breaks again.  If you simply wait a few minutes, everything seems to straigten out and the page will eventually display correctly.


      Luckily, I did catch one session where the page timed out, leaving me with a page that stated:


      The SSL handshake could not be performed.

      Host: www.google.com

      Reason: error:00000000:lib(0):func(0):reason(0)


      I've searched the Community and found a thread from Jan 2015 showing the exact same error caused by hotmail

      Mcafee Web Gateway cannot access web hotmail

      and which suggests using the Poodle guide for a fix

      How McAfee Web Gateway can protect end users from the POODLE vulnerability


      While the POODLE guide shows how to make a rule to allow SSL v3 for sites that need them, I'm baffled that this would be a fix for Google who has been on the forefront of getting away from SSL v3.


      So, first off, has anyone else experienced any problems with Google over the past two days?  And, if so, does anyone have a suggestion?



        • 1. Re: Problem with Google...?

          We are seeing this issue.  It looked to start yesterday for us.  Have you gotten your issue resolved yet?

          • 2. Re: Problem with Google...?

            Hello arundall,


            No, McAfee support and I have not resolved the issue yet.


            Since it states it is a SSL Handshake error, we suspected it may have something to do with our recently enabled SSL Scanning rule.  However, the first reports of the issue were on machines that aren't included in my SSL Scanning test group, so I don't think it is related to that.  Nevertheless, we created a test SSL Scanning ruleset to enable if the problem happens again; this will prove whether the SSL Scanning rule is responsible for the error or not.  Unfortunately (or fortunately, depending on you outlook), I haven't been able to catch the problem happening for over a week now.  It appears to be a VERY intermittent problem.


            I'll post back here if I get more news.  In the meantime, feel free to use this thread for any updates from your end.



            • 3. Re: Problem with Google...?

              Thanks for the update Travler.  We cam in this morning and our issues seem to have resolved themselves.  Very odd behavior. 

              • 4. Re: Problem with Google...?

                We occasionally had problems with Google before McAfee provided the feature to NOT "Include indication that previous handshake failed". If you use "Alternative handshake settings" with lower TLS protocol level make sure NOT to activate that feature because otherwise Google servers will put you down on second attempt because of TLS_FALLBACK_SCSV

                • 5. Re: Problem with Google...?

                  After speaking with McAfee support, we created some troubleshooting rules to help pin point the problem.  However, we have never caught the problem happening again.  For that matter, none of our end users have reported experiencing the problem again, either.  I can only conclude that it was an intermittent problem with perhaps one or two of Google's servers.


                  If we ever experience it again, I'll be sure to post back here.