Re: [twsocket] tlsv1 unrecognized name

2017-10-27 Thread Albert Wiersch

Hi Angus,

Thank you for the tips! I have asked my customer to run the 'problem URL'
through the SSL test.

And also for posting about Arno Garrels. :(

--
Albert Wiersch

> -Original Message-
> From: TWSocket [mailto:twsocket-boun...@elists.org] On Behalf Of Angus
> Robertson - Magenta Systems Ltd
> Sent: Friday, October 27, 2017 2:30
> To: twsoc...@elists.org
> Subject: Re: [twsocket] tlsv1 unrecognized name
> 
> SSL handshake failures are difficult to diagnose, despite the seemingly
> extensive error messages.
> 
> Most of the time, handshake errors are down to incompatible ciphers and
> protocols, the server might have ancient support and the client demands
> modern protocols, or vice versa.

... 

-- 
To unsubscribe or change your settings for TWSocket mailing list
please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket
Visit our website at http://www.overbyte.be


Re: [twsocket] tlsv1 unrecognized name

2017-10-27 Thread Angus Robertson - Magenta Systems Ltd
> A customer is reporting an issue. Perhaps someone understands 
> this error better than I do:
> Error: 10053, Status: 404, Reason: SSL handshake failed - 
> error:14094458:SSL
> routines:ssl3_read_bytes:tlsv1 unrecognized name

SSL handshake failures are difficult to diagnose, despite the seemingly
extensive error messages.   

Most of the time, handshake errors are down to incompatible ciphers and
protocols, the server might have ancient support and the client demands
modern protocols, or vice versa.   

'unrecognized name' might relate to Server Name Indication which was
not supported with SSL, only TLS.  

The best diagnostic is to put the remote host name into an SSL server test
tool, like:

https://www.ssllabs.com/ssltest/

which will throw hundreds of SSL packets at the server and generate an
extensive report of its capabilities, or lack of them.  This will almost
certainly explain what is wrong.

Otherwise you need to use Wireshark or something to examine the actual
handshake packets and see what is missing, not trivial.   

OpenSSL 1.1.0 includes better diagnostics allowing the handshake
packets to be logged by ICS, after decryption, but ICS does not yet
have the protocol analysis that Wireshark has to decode the packets. 

Angus
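
As an added example (not part of the message above and not ICS code), the reported error code can be decoded to show that it carries the peer's TLS alert number, and the same alert can be read from a raw record as captured in Wireshark. It assumes the OpenSSL 1.0.x/1.1.0 error-code layout; the function names and the sample alert record are constructed for illustration.

```python
import re

# TLS alert descriptions relevant to handshake failures (RFC 5246, RFC 6066).
TLS_ALERTS = {
    40: "handshake_failure",
    42: "bad_certificate",
    48: "unknown_ca",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
    112: "unrecognized_name",   # server did not accept the SNI host name
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
SSL_AD_REASON_OFFSET = 1000     # OpenSSL: reason = 1000 + alert number
ERR_LIB_SSL = 20

def decode_openssl_error(text):
    """Split an OpenSSL 1.0.x/1.1.0 'error:XXXXXXXX:...' code into its fields."""
    m = re.search(r"error:([0-9A-Fa-f]{8})", text)
    if not m:
        raise ValueError("no OpenSSL error code found")
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET   # alert received from the peer
    return {"lib": lib, "func": func, "reason": reason, "peer_alert": alert,
            "alert_name": TLS_ALERTS.get(alert)}

def parse_tls_alert(record):
    """Decode one unencrypted TLS alert record (content type 21)."""
    if len(record) < 7 or record[0] != 21:
        raise ValueError("not a TLS alert record")
    length = int.from_bytes(record[3:5], "big")
    if length != 2:
        raise ValueError("alert is encrypted or malformed")
    level, desc = record[5], record[6]
    return {"version": (record[1], record[2]),
            "level": ALERT_LEVELS.get(level, "unknown"),
            "description": TLS_ALERTS.get(desc, "alert %d" % desc)}

if __name__ == "__main__":
    # Error string from the thread, then a constructed alert record.
    print(decode_openssl_error(
        "error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name"))
    print(parse_tls_alert(bytes.fromhex("15030300020270")))
```
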
