Jump to content
Welcome to our new Citrix community!

TLSv1.2 Record Layer: Alert (Level: Fatal, Description: Handshake Failure at Clinet Hello


Recommended Posts

I am presenting an inconvenience when my client is trying to make a request to my service which goes through the netscaler, when I perform the tcpdump and load it to wireshark I see the following error Handshake Failure (40).

 

I also attached the client's response regarding what was reported, please help me.

 

Version: Release NS13.0 52.24.nc

1873448460_capturadelasolicitudhechaenwireshark2.thumb.jpg.3f2d866036fbf7afcabe9c30a0ac4bcf.jpg1426751723_Respuesta del cliente1.thumb.jpg.89767c76efcf2c8111059ec78d137355.jpg1148542641_Respuesta del cliente3.thumb.jpg.bad33ab0658d9da84a6ed1a317851ff9.jpg932147741_Customerresponse2.thumb.jpg.461bcfd58a497a1017f8c5a821a23776.jpg607682839_capturadelasolicitudhechaenwireshark1.thumb.jpg.12da627db7595bc61f0736c0d53456ce.jpg

profile for the configured service.jpg

Link to comment
Share on other sites

  • 7 months later...

Hi,

Your client is including TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the client hello.

Try setting the SSL Profile > Basic Settings 'Deny SSL Renegotiation' from ALL to 'NONSECURE'.  

(The default 'ALL' value does not include the renegotiation_info extension that is referred to in your suppliers response).

Regards,

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...