ADC: SSL Handshake failure - FATAL ALERT


Article ID: CTX282542


Description

  • SSL Handshake Failure between client and ADC 
  • Handshake Alert - FATAL ALERT (before the TCP handshake is completed)

Resolution

Add the cipher group or cipher list under the SSL Cipher option on the vserver. Make sure the cipher list is not empty.

Problem Cause

No cipher or cipher group has been added under "SSL Cipher" on the vserver.

Additional Information

SSL Cipher List Empty
NetScaler also sends a FATAL ALERT to the back-end server when the SSL cipher list on the Services tab is empty.
In this case, the FATAL ALERT is sent even before the TCP handshake is completed.
So make sure that the cipher list is not empty.
By default, ALL ciphers are allowed (enabled) on a Service/Service Group, and when a virtual server is created the DEFAULT cipher group is bound to it by default.
So unless the cipher group or cipher is explicitly unbound, the FATAL ALERT will not be sent before the TCP handshake is completed.

CTX124731: SSL Handshake Failure on NetScaler Because of Unsupported Ciphers