Troubleshooting a CFSSL:SSL error message


Article ID: 167009


Products

ProxySG Software - SGOS

Issue/Introduction

What does an SSL error message mean?
You want help troubleshooting a CFSSL:SSL error message

Resolution

The following messages were logged by a secure service on the ProxySG, such as https-console, https-reverse-proxy or SSL proxy:

2007-06-05 21:43:57+02:00CEST "CFSSL:SSL_accept error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message" 0 310000:1 ../cf_ssl.cpp:1505

2007-06-05 21:44:03+02:00CEST "CFSSL:SSL_accept error:14089087:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:cert length mismatch" 0 310000:1 ../cf_ssl.cpp:1505

2007-06-06 09:09:55+02:00CEST "CFSSL:SSL_accept error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)" 0 310000:1 ../cf_ssl.cpp:1505

2007-06-06 15:39:30+02:00CEST "CFSSL:SSL_accept error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol" 0 310000:1 ../cf_ssl.cpp:1505

In this instance, all of the above messages indicate that the client is sending the ProxySG truncated or invalid SSL messages.

The Event Log messages below relate to the ProxySG acting as an SSL client.

2007-06-06 09:10:03+02:00CEST "Stats Worker: received status Socket connect error during HTTPS put operation" 0 2D0006:1 ../Worker.cpp:745

2007-06-06 09:10:03+02:00CEST "Stats Worker: couldn't send report ProxySG Appliance Summary Statistics through HTTPS to Blue Coat" 0 2D0006:1 ../Worker.cpp:679

2007-06-06 09:29:46+02:00CEST "Abnormal receive request termination of connection from local port 41218 to advanced forwarded server 192.168.201.21. 11 retransmissions occurred with at least one packet having 11 retransmissions" 0 80204:1 ../htp_server.cpp:5031

Generally, if an Event Log message begins with CFSSL:SSL_accept error, the ProxySG encountered an error on the client-side connection while acting as an SSL server. If it begins with CFSSL:SSL_connect error, the ProxySG encountered an error on the server-side (upstream) connection while acting as an SSL client.
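The prefix rule above can be applied to an exported Event Log to see which side of the proxy is producing TLS errors. The following is an added example, not code from this article or from the product; it assumes the quoted error string follows the OpenSSL layout `error:<hex code>:<library>:<function>:<reason>` with the classic packing of library, function and reason numbers, and the final `SSL_connect` line in the sample is constructed for illustration.

```python
import re
from collections import Counter

# Event Log lines quoted in the article, plus one CONSTRUCTED SSL_connect line
# (last entry, fields after the message omitted) to exercise the upstream case.
SAMPLE = [
    '2007-06-05 21:43:57+02:00CEST "CFSSL:SSL_accept error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message" 0 310000:1 ../cf_ssl.cpp:1505',
    '2007-06-05 21:44:03+02:00CEST "CFSSL:SSL_accept error:14089087:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:cert length mismatch" 0 310000:1 ../cf_ssl.cpp:1505',
    '2007-06-06 09:09:55+02:00CEST "CFSSL:SSL_accept error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000)" 0 310000:1 ../cf_ssl.cpp:1505',
    '2007-06-06 15:39:30+02:00CEST "CFSSL:SSL_accept error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol" 0 310000:1 ../cf_ssl.cpp:1505',
    '2007-06-06 09:10:03+02:00CEST "Stats Worker: received status Socket connect error during HTTPS put operation" 0 2D0006:1 ../Worker.cpp:745',
    '2007-06-07 10:00:00+02:00CEST "CFSSL:SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"',
]

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) "CFSSL:SSL_(?P<op>accept|connect) error:'
    r'(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:"]*):(?P<func>[^:"]*):(?P<reason>[^"]*)"')

# Prefix -> (role the ProxySG was playing, connection the error occurred on).
ROLE = {
    "accept": ("SSL server", "client side"),
    "connect": ("SSL client", "server side (upstream)"),
}

def parse_line(line):
    """Return a dict for a CFSSL:SSL_accept/SSL_connect line, else None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    code = int(m["code"], 16)
    role, side = ROLE[m["op"]]
    return {
        "timestamp": m["ts"], "proxy_role": role, "side": side,
        "function": m["func"], "reason": m["reason"],
        # Assumed classic OpenSSL packing: lib(8) | func(12) | reason(12) bits.
        "lib_num": code >> 24,
        "func_num": (code >> 12) & 0xFFF,
        "reason_num": code & 0xFFF,
    }

def summarize(lines):
    """Count CFSSL errors per (side, reason); other Event Log lines are skipped."""
    parsed = filter(None, map(parse_line, lines))
    return Counter((p["side"], p["reason"]) for p in parsed)

if __name__ == "__main__":
    for (side, reason), n in summarize(SAMPLE).items():
        print(f"{n:3d}  {side:24s} {reason}")
```

For the quoted `reason(1000)` line, the low 12 bits of `140943E8` decode to 1000, which matches the text field and is consistent with the assumed packing.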