failed SSL negotiation

New post

tomasz.gniadek

February 21, 2018 16:01

Hello All,

I have installed a pair of virtual kemp load balancers in client environment to load balance two exchange server 2016 infrastructure. After reviewing the logs it seems that we have several of the same error "

Feb 21 16:35:24 p141kemp vsslproxy: Client 10.1.2.158 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Feb 21 16:35:24 p141kemp vsslproxy: Client 10.1.2.56 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Feb 21 16:35:25 p141kemp syslogd: last message [vsslproxy: Client 10.1.2.56 failed SSL negotiation: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol] repeated 19 times

OWA does not work

What can be problem?

Best regards

Date Votes

2 comments

Tony Vaughan February 23, 2018 08:02

Hello Tomasz,

for the error message "SSL23_GET_CLIENT_HELLO:unknown protocol"
the clients probably require TLS 1.0 to be enabled, or possibly SSL 3.0 depending on how old the clients are

if you are SSL offloading or SSL offloading and re-encrypting the traffic on the LoadMaster, you can enable this option under the menu SSL Acceleration
the option you are looking for is "Supported Protocols"

If this fixes your issue I would recommend running a security scan to confirm that there is no issues with enabling a lower secure protocol

glenn.santacruz October 04, 2018 01:36

By chance, is there any means of suppressing these errors in the log? We purposefully disable SSLv3 and TLS1.0 and our logs are regularly filled with these "errors".