3 Replies Latest reply on Mar 14, 2017 3:32 PM by kbolt

    Handshake Failed SSL Error

    kbolt

      I'm seeing an issue while trying to access the site https://rewards.firstglobal-bank.com which results in the following block page:
      errpage.JPG

       

       

      I find that strange since https://www.firstglobal-bank.com works without an issue. In my SSL Scanner ruleset, I've allowed banking institutions to proceed without undergoing Content Inspection by looking for certain website categories. What exactly is this error telling me? After looking at the rule trace, I realize that while trying to access this problem webpage the Certificate Verification rule under "Handle CONNECT Call" isn't hit because Command.Name variable is never equal to CERTVERIFY, it's only CONNECT. I'm not sure how to force a CERTVERIFY or if that's even the source of the problem.

       

      I looked at some Wireshark captures and it seems that the normal 3way TCP and 2way SSL handshakes go through without issue, with the strange exception that the Server Hello is separate from the Server Certificate and the Server Key Exchange meaning I'm used to seeing as one one packet. I'll attach two images of the TCP streams.

       

       

      After reading this user's question SSL handshake failed block page and logging I imported the rulest attached and the log file results in this:

       

      2017-03-08 18:45:01 WGL-MWG01 500 HTTP rewards.firstglobal-bank.com 208.138.39.203 handshakefailed GET 10.0.11.143 error:00000000:lib(0):func(0):reason(0):SSL error at server handshake:state 25:Application response 500 handshakefailed Block Applications in Response Cycle https://rewards.firstglobal-bank.com/

      2017-03-08 18:45:02 WGL-MWG01 500 HTTP rewards.firstglobal-bank.com 208.138.39.203 handshakefailed GET 10.0.11.143 error:00000000:lib(0):func(0):reason(0):SSL error at server handshake:state 25:Application response 500 handshakefailed Block Applications in Response Cycle https://rewards.firstglobal-bank.com/favicon.ico

       

      Can anyone help me to see what's going wrong here?