top of page
Search
  • Suraj Roy

Error: An SSL error occurred

Updated: Sep 9, 2021

In this blog will discuss about troubleshooting SSL error when we try to connect from Horizon View Client to Unified Access Gateway.





What is SSL?



SSL (Secure Sockets Layer) and its successor, TLS (Transport Layer Security), are protocols for establishing authenticated and encrypted links between networked computers.

Hence it create a safe connection between the client and server which transmits data.

SSL/TLS works by binding the identities of entities to cryptographic key pairs.

Each key pair consists of a private key and a public key. The private key is kept secure, and the public key can be widely distributed via a certificate



What is SSL Certificate?


SSL certificates are what enable websites to move from HTTP to HTTPS, which is more secure. It ensure that the user information sent over a website is safe and encrypted.

SSL certificates contain information about the domain of the website, the owner’s address and other relevant information.

Customize the look of your media by making it widescreen or small and easily align media inside your posts.



There can be several reason for SSL Error. Few of them are :


  • SSL / TLS mismatch between client and Server

  • Security Software or firewall might block access to a website

  • Time Sync between Client and Server

  • Having invalid or untrusted Certificates

  • Unsupported Key Size



Troubleshooting:


SSL encryption / decryption happen between "Application" & "Transport" layer.

The best way to troubleshoot and understand why SSL error is happening is to run Wireshark on Client machine and TCPDump on UAG.

Upon looking at the TCPDump file we found after Client and Server exchange Hello and Client Key exchange, the packet RST was noticed.

Prior to RST packet we see "Encrypted Alert" sent by Client to Server.



Encrypted Alert" is a "Close Notify" message to initialize the closure of a SSL/TLS session. This will be sent by Server. But in our case, client is sending the "Encrypted Alert" prior to server.




SSL “Alert (21) describes that decryption got failed. It is defined as: “Decryption of a TLSCiphertext record is decrypted in an invalid way: either it was not an even multiple of the block length or its padding values, when checked, were not correct. Resolution: Make sure TLS Encryption is enable on the Client machine. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client] "Enabled"=dword:00000001 "DisabledByDefault"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server] "DisabledByDefault"=dword:00000000 "Enabled"=dword:00000001



218 views0 comments

Comments


Post: Blog2 Post
bottom of page