SSL server handshake failure" 0 310000:1 ../ssl_proxy/sslproxy_worker.cpp:3042 Error on ProxySG

Solution

Overview

Why am I getting a lot of SSL server handshake errors on the ProxySG appliance?

Cause

A good way of finding what is causing this is to look at the Active Sessions (Management Console > Statistics > Sessions > Errored sessions). In this case we can see Google talk is causing the error:

 talk.google.com:443 - - - REQMOD: inactive RESPMOD: inactive 20 sec 176 0 n/a - - - P BM (D) Explicit HTTP SSL SSL(error) : "Missing SSL server certificate"    0 sec

Google talk will by default try to connect over port 443. It is an application. The site does not provide a server certificate, which is required for the SSL proxy to work.

Any site which does not provide a certificate will result in this error. To resolve the error, bypass the SSL proxy for this site.

 

Resolution
One option to workaround this issue is to disable protocol detection for the site.
 
<Proxy>
url.regex="website.com" detect_protocol(no)
 

 

 

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4778
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat