Error : "unsafe legacy renegotiation disabled" on the Pool Health Monitors after upgrading to 31.1.1

Article ID: 389214


Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

After an upgrade to VMware Avi Load Balancer 31.1.1, Pool Health Monitors that use SSL/TLS to probe back-end servers may begin reporting SSL handshake failures, even though nothing changed on those servers.

The health monitor displays the following error:

  • Error signature:
    Reason: SSL connection failed.
    SSL Error: SSL Error:unsafe legacy renegotiation disabled
  • The error is raised because the SSL renegotiation behavior of the OpenSSL client stack changed in the newer version (see Cause below).

Environment

  • VMware AVI Load Balancer Version: 31.1.1

  • OpenSSL stack version 3.0.13

Cause

This error occurs due to changes in the SSL renegotiation behavior in the newer version.

  • In versions prior to 31.1.1, the bundled OpenSSL stack (1.1.1) set the option SSL_OP_LEGACY_SERVER_CONNECT by default. With that option on, an OpenSSL client (here, the health monitor opening a connection to a pool server) completes the handshake even when the server does not advertise RFC 5746 secure renegotiation, so probes to older, less secure servers succeeded.

  • In 31.1.1 the OpenSSL stack was upgraded to 3.0.13. OpenSSL 3.0 no longer sets SSL_OP_LEGACY_SERVER_CONNECT by default, so the client rejects a server that sends no renegotiation_info extension and aborts the handshake with "unsafe legacy renegotiation disabled". Health monitors probing such servers therefore fail after the upgrade.
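The following shell script is an added example for diagnosing this condition; it is not tooling from the Avi product or from this article. It assumes the OpenSSL 3.x `openssl` command-line tool is on PATH for the live probe and that you supply the pool member host names and ports; the sample `s_client` excerpts embedded in it are constructed so the classifier runs offline. It shows the strict OpenSSL 3 client behavior that 31.1.1 inherits, how to recognise a pool server that does not advertise RFC 5746 secure renegotiation, and how to re-enable the pre-31.1.1 leniency for the probe alone.

```shell
#!/bin/sh
# Added example (not tooling from the Avi product or this article).
# Classifies whether a pool server advertises RFC 5746 secure renegotiation,
# using the same OpenSSL 3 client default that the 31.1.1 health monitor inherits.
# Assumes the OpenSSL 3.x `openssl` CLI is on PATH for the live probe; the
# sample outputs below are constructed so the classifier runs offline.

# Constructed excerpts of `openssl s_client` output (not real captures).
SAMPLE_SECURE='CONNECTED(00000003)
Secure Renegotiation IS supported
Compression: NONE'
SAMPLE_LEGACY='CONNECTED(00000003)
Secure Renegotiation IS NOT supported
Compression: NONE'
# What the OpenSSL 3 client prints when it refuses such a server (the error
# text is OpenSSL's; the numeric code and surrounding lines are illustrative).
SAMPLE_REFUSED='CONNECTED(00000003)
error:0A000152:SSL routines::unsafe legacy renegotiation disabled
---
no peer certificate available'

# Classify captured s_client output. Prints one of: secure | legacy | unknown
reneg_status_from_output() {
  case "$1" in
    *"Secure Renegotiation IS NOT supported"*) echo legacy ;;  # server lacks RFC 5746
    *"unsafe legacy renegotiation disabled"*)  echo legacy ;;  # strict client already refused it
    *"Secure Renegotiation IS supported"*)     echo secure ;;
    *)                                         echo unknown ;; # connect/DNS/timeout etc.
  esac
}

# Probe one backend. The first handshake uses the OpenSSL 3 default (strict),
# i.e. what a 31.1.1 health monitor does. If that reports a legacy server,
# retry with -legacy_server_connect, the s_client switch for
# SSL_OP_LEGACY_SERVER_CONNECT (the 1.1.1 default), so the operator can still
# see the certificate subject, protocol and cipher of the offending server.
# Sending SNI via -servername is an assumption; drop it if your monitor does not.
check_backend() {
  host="$1"; port="${2:-443}"
  out=$(openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>&1)
  status=$(reneg_status_from_output "$out")
  echo "$host:$port renegotiation=$status"
  if [ "$status" = legacy ]; then
    openssl s_client -connect "$host:$port" -servername "$host" \
      -legacy_server_connect </dev/null 2>/dev/null |
      grep -E '^(subject=|Protocol|Cipher)'
  fi
}

# Probe every "host port" pair listed in a file, one per line. Returns non-zero
# if any member is legacy, so it can gate an upgrade to 31.1.1.
check_pool_members() {
  rc=0
  while read -r host port; do
    [ -n "$host" ] || continue
    case "$(check_backend "$host" "$port")" in
      *"renegotiation=legacy"*) rc=1 ;;
    esac
  done < "$1"
  return "$rc"
}

# Usage: check_backend backend.example.internal 443
#        check_pool_members members.txt
```

Any member reported as `legacy` is one a 31.1.1 health monitor will fail against. The `-legacy_server_connect` switch is the per-invocation form of the same OpenSSL option (`SSL_OP_LEGACY_SERVER_CONNECT`, or `Options = UnsafeLegacyServerConnect` in an openssl.cnf ssl section) that 1.1.1 enabled by default; it lowers the client's protection, so use it for diagnosis on a client you administer, not as a permanent setting, and prefer updating the back-end server's TLS stack.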



Resolution

As a workaround, rolling back to the previous release restores the earlier behavior, because those releases allow connections to legacy (non-RFC 5746) servers by default.

The issue is fixed in the VMware Avi Load Balancer 31.1.1-2p1 patch release, which restores the ability of health monitors to connect to legacy servers that do not support secure renegotiation.

Note that both the rollback and the patch restore the permissive client behavior rather than fixing the servers: a pool server that does not implement RFC 5746 remains exposed to the TLS renegotiation weakness that extension was introduced to close (CVE-2009-3555). Updating the TLS stack on those servers so they advertise secure renegotiation is the durable fix and removes the dependency on legacy client behavior.