SLv3.0 vulnerabilities and handshake problems...":SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure" #24
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
First of all: Why should you disable sslv3 (and tlsv1.0 which is outdated too): http://disablessl3.com/
For "old" server which are ignoring the threats tied to sslv3, we designed an exception list containing server which are allowed to communicate in "sslv3.0" and "tlsv1.0".
For most of these server the communication works fine.
But the communication to the "jquery.com" fails with the following error: "SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure".
Reasons found in the internet trying to explain this error are for example:
DNS - problems: But we can access the "http"-pages without any problem. So it does not look like a dns-problem...
"Destination Site does not like the cipher": We are using a "selfsigned key" build on our private PKI (http://blog.techstacks.com/2010/03/3-common-causes-of-unknown-ssl-protocol-errors-with-curl.html) so you must see somthing in the server-logs if this is the problem... This error is often referred to as an problem in the usage of curl. Since we use an appliance we do not know whether curl is implemented and used or not.
Following https://curl.haxx.se/mail/archive-2014-11/0030.html the only way to deal with the problem ist to switch off sslv3.0 ...
The text was updated successfully, but these errors were encountered: