Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

What is meaning of this SSL routines:tls_early_post_process_client_hello:inappropriate fallback

 

Information

 

Summary:

Why user getting SSL routines:tls_early_post_process_client_hello: inappropriate fallback

Environment:

Product: Loadmaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

 

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

If a TLS client fails to connect for whatever reason (even plain TCP failure due to a bad network, or other reasons), it will downgrade the TLS protocol version to a lower level and try again, this time including the TLS_FALLBACK_SCSV cipher suite in the ClientHello request. When the server sees the TLS_FALLBACK_SCSV cipher suite, and it supports a higher TLS protocol version, then it knows the client is basically troubleshooting the connection and responds with inappropriate fallback. Presumably, the client will try again, this time with a higher protocol version.

Enable TLS1.1 and set cipher set to default and check if this error is reduced.

Workaround:  
Notes:  

Comments