"SSL client handshake completion failure" in errored sessions

book

Article ID: 166940

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

 www.google.com:443 - - - REQMOD: inactive RESPMOD: inactive 1.1 days 174 0 n/a - - - P BM (D) Explicit HTTP SSL SSL(error) : "SSL client handshake completion failure"    0 sec
 

Resolution

Google talk will by default try to connect over port 443. It is an application. The site does not provide a server certificate, which is required for the ssl proxy to work.

Disabling server certificate validation can be used to stop this error occuring . Alternatively disable ssl proxy for this site.

To disable server certificate validation

<ssl>
    server.certificate.validate(no)

 

You would of course make this more granular so that you only disable certificate validation for this site.