DataPower


SSL Certificate Fatal Handshake Failure alert received from SSL server instead of ServerHello

  • 1.  SSL Certificate Fatal Handshake Failure alert received from SSL server instead of ServerHello

    Posted Tue January 23, 2024 03:25 PM

    Dear Community,

    I'm facing a weird situation where I have a service applied on 2 domains (Test Domain and Prod Domain) and it's working like a charm on Test Domain, but when I move it to another domain (Prod Domain) it says: "Fatal Handshake Failure alert received from SSL server instead of ServerHello". Also, all the configurations are the same.

    Note: these 2 domains are in the same appliance.

    Best Regards,



    ------------------------------
    Abdullah Al Masad
    ------------------------------


  • 2.  RE: SSL Certificate Fatal Handshake Failure alert received from SSL server instead of ServerHello

    Posted Tue January 23, 2024 04:08 PM

    Interesting.  Have you tried a packet capture to both for comparison?



    ------------------------------
    Joseph Morgan
    ------------------------------



  • 3.  RE: SSL Certificate Fatal Handshake Failure alert received from SSL server instead of ServerHello

    Posted Wed January 24, 2024 01:24 AM

    Dears,

    Sorry for the inconvenience. Both test and prod are also returning the same issue, and I found that the service is using TLS V1.3, where our DataPower version is IDG.2018.4.1.10, which is not supported.

    Thank you



    ------------------------------
    Abdullah Al Masad
    ------------------------------



  • 4.  RE: SSL Certificate Fatal Handshake Failure alert received from SSL server instead of ServerHello

    Posted Wed January 24, 2024 01:12 AM

    Hi Masad,

    I would suggest doing an openssl test before concluding anything. You can try openssl s_client -connect <server host name>:<port> and check if this connection succeeds. If yes, do you get to see the server certificates? What TLS version do you see? If no, your SSL/TLS server profile attached to the FSH has an issue. Are all objects up on the FSH side?



    ------------------------------
    Ajitabh Sharma
    ------------------------------
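
For the packet-capture comparison suggested in this thread, the following added example (not code from any poster or from IBM) classifies the first TLS record a server returns after the ClientHello: a fatal handshake_failure alert, or a ServerHello and the protocol version it selected. The function names and the sample byte strings are constructed for illustration, not taken from a real capture.

```python
import struct

# Record content types and a subset of alert codes (RFC 5246 / RFC 8446).
ALERT, HANDSHAKE, SERVER_HELLO = 21, 22, 2
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def server_hello_version(hs: bytes) -> str:
    """Return the version a ServerHello selected, honouring supported_versions."""
    if len(hs) < 39:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hs[4:6])[0]   # legacy_version, 0x0303 for TLS 1.3 too
    pos = 38 + 1 + hs[38]                       # skip header, version, random, session id
    pos += 3                                    # cipher suite (2) + compression method (1)
    if pos + 2 <= len(hs):
        end = min(pos + 2 + struct.unpack("!H", hs[pos:pos + 2])[0], len(hs))
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hs[pos:pos + 4])
            if ext_type == 43 and ext_len == 2 and pos + 6 <= end:
                # supported_versions carries the real version in TLS 1.3
                version = struct.unpack("!H", hs[pos + 4:pos + 6])[0]
            pos += 4 + ext_len
    return VERSIONS.get(version, hex(version))

def classify_first_record(data: bytes) -> str:
    """Describe the first TLS record a server sent in reply to a ClientHello."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, _legacy, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    if ctype == ALERT and length == 2:
        level = "fatal" if body[0] == 2 else "warning"
        return f"{level} alert: {ALERTS.get(body[1], body[1])}"
    if ctype == HANDSHAKE and body[:1] == bytes([SERVER_HELLO]):
        return "ServerHello: " + server_hello_version(body)
    return f"unexpected record, content type {ctype}"

def sample_server_hello(cipher: bytes, extensions: bytes = b"") -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + cipher + b"\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(classify_first_record(bytes.fromhex("15030300020228")))  # constructed alert record
    print(classify_first_record(sample_server_hello(b"\xc0\x2f")))
    print(classify_first_record(sample_server_hello(b"\x13\x01", bytes.fromhex("002b00020304"))))
```

Feed it the raw bytes of the server's first TLS record from each capture. A ServerHello's record-layer and legacy_version fields both read 0x0303 under TLS 1.3, so the supported_versions extension is what distinguishes TLS 1.3 from TLS 1.2.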