What causes "reject Internal error(0x33002801)" in the SSLV logs ?

book

Article ID: 169307

calendar_today

Updated On:

Products

SSL Visibility Appliance Software

Issue/Introduction

The follow sample entry is generated in the Syslog :
Dec 16 12:12:12 sslva ssldata[4444]: [A:88888888]* 1111111111 192.168.192.168:59999 -> 199.91.134.151:443 TLS1.2 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 bto.bluecoat.com rule:1 reject Internal error(0x33002801)

 

Cause

There was an out-of-bound TCP retransmission in the block cipher boundaries. In this case, SSLV will drop the retransmission and treat it as an internal boundary error.

The error code in question is part of the sanity check for TCP retransmissions.

Resolution

None.

Workaround

Use stream ciphers instead of block ciphers.