Investigating when an SSL Session Reject occurs due to Invalid Crypto Response

book

Article ID: 168168

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

SSL Session Logs show that access to the affected site is being Rejected due to Invalid Crypto Response.

Cause

Sessions may be rejected for various reasons, such as:
  • Client certificates being used.
  • Client trying to renegotiate an SSL session after the SSLV has intercepted it.
  • An error was encountered during the SSL handshake.

This message in particular happens when the SSL Visibility Appliance encounters an error during its modular arithmetic (processing and calculating keys).
 

Resolution

To investigate further, we need :
  • To determine if only specific sites see the issue
  • To know how often it happens
  • A packet capture with corresponding SSL Session logs.
  • The Diagnostics logs.