SSL Handshake Failure on ADC Because of Unsupported Ciphers
Article ID: CTX124731
Description
- SSL connection fails between the client and the ADC appliance
- ADC responds with a fatal alert. The description of the alert message is “Handshake Failure (40)”.

The above screenshot is from a NetScaler trace (packet capture).
The procedure for running a trace on the ADC is explained in the following document:
https://docs.citrix.com/en-us/citrix-adc/current-release/system/troubleshooting-citrix-adc/how-to-record-a-packet-trace-on-citrix-adc.html
Resolution
Ciphers and Protocols Compatibility
Not every cipher is supported by every protocol version. For example, the AES cipher is not supported when using SSLv3. For a list of supported ciphers, see Citrix Documentation - Ciphers Supported by the NetScaler Appliance.
Problem Cause
Unsupported Ciphers (bound to the vserver being accessed by the client)
Issue/Introduction
When an SSL connection negotiation fails because of incompatible ciphers between the client and the ADC appliance, the appliance responds with a fatal alert.
Additional Information
The ADC appliance supports a list of SSL ciphers when negotiating an SSL session with a client. If the client does not support any of the ciphers on the list, the SSL handshake fails. When negotiating an SSL connection, the client presents a list of ciphers that it supports. The server (ADC appliance) chooses a cipher from that list to use with the connection.
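
The negotiation described above, as an added example that is not part of the original article: a Python sketch that reads the cipher suites offered in a ClientHello from a trace, compares them with the ciphers bound to the vserver, and decodes the alert record the appliance sends back. The sample bytes, the bound cipher set and all function names are constructed for illustration.

```python
import struct

def _u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]

def build_client_hello(suites):
    """Constructed minimal ClientHello record (no extensions) for the demo."""
    body = b"\x03\x03" + bytes(32) + b"\x00"           # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def client_cipher_suites(record):
    """Return the cipher suite IDs a ClientHello record offers, in client order."""
    if len(record) < 46 or record[0] != 22 or record[5] != 1:
        raise ValueError("not a ClientHello record")
    pos = 5 + 4 + 2 + 32             # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]           # skip session_id
    n = _u16(record, pos)
    return [_u16(record, i) for i in range(pos + 2, pos + 2 + n, 2)]

def shared_ciphers(offered, bound):
    """Suites both sides support; an empty list means the handshake cannot complete."""
    return [s for s in offered if s in bound]

def parse_alert(record):
    """Decode a plaintext TLS alert record into (level, description)."""
    if len(record) != 7 or record[0] != 21 or _u16(record, 3) != 2:
        raise ValueError("not a plaintext alert record")
    return {1: "warning", 2: "fatal"}.get(record[5], "unknown"), record[6]

# Constructed sample data, not taken from a real trace.
BOUND = {0xC02F, 0xC030}   # hypothetical vserver: ECDHE-RSA AES-GCM suites only
HELLO = build_client_hello([0x0005, 0x000A])   # client offers RC4-SHA and 3DES only
ALERT = bytes.fromhex("15030300020228")         # fatal (2), handshake_failure (40)

if __name__ == "__main__":
    offered = client_cipher_suites(HELLO)
    print("offered:", [hex(s) for s in offered])
    print("shared :", [hex(s) for s in shared_ciphers(offered, BOUND)])
    print("alert  :", parse_alert(ALERT))
```

An empty shared list for a given client, paired with a fatal alert of description 40 in the same trace, points to the cipher binding on the vserver rather than to a certificate or protocol-version problem.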
