> A customer is reporting an issue. Perhaps someone understands > this error better than I do: > Error: 10053, Status: 404, Reason: SSL handshake failed - > error:14094458:SSL > routines:ssl3_read_bytes:tlsv1 unrecognized name
SSL handshake failures are difficult to diagnose, despite the seemingly extensive error messages. Most of the time, handshake errors are down to incompatible ciphers and protocols, the server might have ancient support and the client demands modern protocols, or vice versa. 'unrecognized name' might relate to Server Name Indication which was not supported with SSL, only TLS. The best diagnostic is put the remote host name into an SSL server test tool, like: https://www.ssllabs.com/ssltest/ which will throw hundreds of SSL packets are the server and generate an extensive report it's capabilities, or lack of them. This will almost certainly explain what is wrong. Otherwise you need to use Wireshark or something to examine the actual handshake packets and see what is missing, not trivial. OpenSSL 1.1.0 includes better diagnostics allowing the handshake packets to be logged by ICS, after decryption, but ICS does not yet have the protocol analysis that Wireshark has to decode the packets. Angus -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
