failed SSL negotiation

0

Hello All,

 

I have installed a pair of virtual kemp load balancers in client environment to load balance two exchange server 2016 infrastructure. After reviewing the logs it seems that we have  several of the same error "

 

Feb 21 16:35:24 p141kemp vsslproxy: Client 10.1.2.158 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Feb 21 16:35:24 p141kemp vsslproxy: Client 10.1.2.56 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Feb 21 16:35:25 p141kemp syslogd: last message [vsslproxy: Client 10.1.2.56 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] repeated 19 times

 

OWA does not work

What can be problem?

 

Best regards

2 comments

Avatar
0
Tony Vaughan

Hello Tomasz,

for the error message "SSL23_GET_CLIENT_HELLO:unknown protocol"
the clients probably require TLS 1.0 to be enabled, or possibly SSL 3.0 depending on how old the clients are

if you are SSL offloading or SSL offloading and re-encrypting the traffic on the LoadMaster, you can enable this option under the menu SSL Acceleration
the option you are looking for is "Supported Protocols" 

If this fixes your issue I would recommend running a security scan to confirm that there is no issues with enabling a lower secure protocol


 

Avatar
0
glenn.santacruz

By chance, is there any means of suppressing these errors in the log? We purposefully disable SSLv3 and TLS1.0 and our logs are regularly filled with these "errors".