A tunnel client is failing to connect to the tunnel server.

The hub GUI shows an error message:  "invalid response from (IP Address) - are you sure you are connected to a tunnel server?

The hub log on the tunnel client shows one or more of the following errors:

SSL layer error (5) encountered, ending session
CTRL receive message failed for get id command (connection closed)
CTRL failed to get ID from (Tunnel Server IP Address)

DX UIM - Any Version
Hub with SSL Tunnels enabled

slow response from server

If the tunnel server is under heavy load, and it takes more than 10 seconds to complete the SSL handshake, this error message will occur.

Check to ensure the tunnel server has sufficient resources (especially CPU) and ensure there is minimal network latency in the environment.

It may help to restart the tunnel server.

In hub 23.4.6 and prior, the 10-second limitation for SSL handshakes is hardcoded.

In DX UIM 23.4.7 (CU7) we have introduced an option to make this configurable.

Edit the hub.cfg (or use Raw Configure> and in the <tunnel> section, add the following key:

<tunnel>
 client_handshake_timeout = ###

The value is given in seconds.  Your network administrator can work with you to obtain a packet capture if needed, to determine how long handshakes are taking to complete in the environment, or you can simply experiment with increasing the value from the default of 10 until the problem is resolved.