2 Replies Latest reply on Dec 12, 2016 3:19 AM by feickholt

    SSL Question:

    feickholt

           We tried to reach https://ccremote.computacenter.de/

       

      Using 7.5.2 we receive the error  error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:SSL error at server handshake:state 25:Application response 500 handshakefailed

       

      Usind 7.7.0 it works..

       

      Both same SSL configuration

       

      any ideas?

        • 1. Re: SSL Question:
          kschwarz

          Hi feickholt,

           

          If there is no difference in the SSL config, we will still have different libraries. Also there have been changes due to SSL vulnerabilities in several versions.

          Which exact 7.5.2 version did you use to test?

          I was unable to reproduce the issue with 7.5.2.11 but maybe I have used another configuration.

           

          Kind Regards,

           

          Katharina

          • 2. Re: SSL Question:
            feickholt

            We solve the problem.

            This is related to TLS 1.2. We use 7.5.2.8. We defined a fallback to TLS 1.1 and everything works. Nevertheless: TLS 1.2. does not work with this server. (other serves with 1.2 works without any problems)

             

            Other general questions:

            1. The proxy creates new certificates for the connection with the client.

             

            What will be copied to the new certificate:

                 The commonname 1:1?

                 What happens with wildcard zertificates? copies the wildcard CN or does the proxy change the CN to the real one?

                 What happens to SAN (Subject Alternative Names) ?