Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

What is meaning of this SSL routines:tls_early_post_process_client_hello:inappropriate fallback





Why user getting SSL routines:tls_early_post_process_client_hello: inappropriate fallback


Product: Loadmaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:


Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  

If a TLS client fails to connect for whatever reason (even plain TCP failure due to a bad network, or other reasons), it will downgrade the TLS protocol version to a lower level and try again, this time including the TLS_FALLBACK_SCSV cipher suite in the ClientHello request. When the server sees the TLS_FALLBACK_SCSV cipher suite, and it supports a higher TLS protocol version, then it knows the client is basically troubleshooting the connection and responds with inappropriate fallback. Presumably, the client will try again, this time with a higher protocol version.

Enable TLS1.1 and set cipher set to default and check if this error is reduced.


Was this article helpful?
0 out of 1 found this helpful