Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

  1. Kemp Support
  2. Knowledge Base
  3. Security

What is meaning of this SSL routines:tls_early_post_process_client_hello:inappropriate fallback

Updated

 

Information

 

Summary:

Why user getting SSL routines:tls_early_post_process_client_hello: inappropriate fallback
Environment:

Product: Loadmaster

Version: Any

Platform: Any

Application: Any
Question/Problem Description:

 
Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

If a TLS client fails to connect for whatever reason (even plain TCP failure due to a bad network, or other reasons), it will downgrade the TLS protocol version to a lower level and try again, this time including the TLS_FALLBACK_SCSV cipher suite in the ClientHello request. When the server sees the TLS_FALLBACK_SCSV cipher suite, and it supports a higher TLS protocol version, then it knows the client is basically troubleshooting the connection and responds with inappropriate fallback. Presumably, the client will try again, this time with a higher protocol version.

Enable TLS1.1 and set cipher set to default and check if this error is reduced.
Workaround:  
Notes:  
Was this article helpful?
0 out of 0 found this helpful

Comments

In this document