
Resolve “server negotiated an unknown SSL protocol version” issue

Most of you will have encountered the following error while establishing an SSL session from DataPower to a back-end server:

3:43:38 PM ssl error 23577521   0x8120001a sslproxy (): Server negotiated an unknown SSL protocol version

Here is the RCA and Solution to fix this issue.
RCA (Root Cause Analysis) 
Starting with firmware version 6, the Crypto Profile object on DataPower has TLS v1.2 and TLS v1.1 enabled by default. This changes the protocol version that DataPower advertises in the Client Hello when it acts as the SSL client: the Client Hello carries the highest version the client is willing to use. A standards-conforming server that does not support that version does not fail; it simply selects the highest version it does support that is not above the client's offer (e.g. TLS v1.1, TLS v1.0 or SSL v3, whichever is enabled on both sides).
Some legacy servers with non-compliant SSL implementations instead reject the connection outright when the Client Hello advertises TLS v1.2 or TLS v1.1. In these cases the handshake is aborted without negotiating down to a mutually supported protocol, and DataPower reports the abort as the "unknown SSL protocol version" error above.

You can use either of the following options to fix this issue.
  • Upgrade the legacy SSL server so that it supports the highest protocol version available, e.g. TLS v1.2. This is the preferred fix.
  • If option 1 is not possible, edit the Crypto Profile object so that ONLY the SSL/TLS version the server actually supports is enabled and the rest are disabled. DataPower will then advertise that version in its Client Hello and the legacy server will accept it. Treat this as a stopgap: it locks the connection to an older protocol version with known weaknesses, so confirm exactly which version the server supports before disabling the newer ones, and revisit the setting once the server is upgraded.
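The negotiation described in the RCA, and the effect of option 2 on it, as an added example that is not part of the original post and not DataPower code. The script builds a minimal TLS Client Hello with a chosen maximum version, then models two servers: a conforming one that negotiates down to the highest mutual version, and a legacy one that drops any Client Hello whose version it does not recognise. The cipher suite, the client random and both server models are constructed for illustration; a real legacy server's exact failure behaviour varies.

```python
import struct

# (major, minor) as carried in the client_version field of the ClientHello
TLS_VERSIONS = {
    "SSLv3": (3, 0),
    "TLSv1.0": (3, 1),
    "TLSv1.1": (3, 2),
    "TLSv1.2": (3, 3),
}


def build_client_hello(max_version, client_random=b"\x11" * 32):
    """Build a minimal TLS ClientHello record advertising max_version.

    Only the fields that matter for version negotiation are realistic;
    the single cipher suite and the fixed random are constructed samples.
    """
    major, minor = TLS_VERSIONS[max_version]
    cipher_suites = b"\x00\x2f"  # TLS_RSA_WITH_AES_128_CBC_SHA (sample)
    body = (
        bytes([major, minor])  # client_version: highest version the client will use
        + client_random  # 32-byte client random (constructed)
        + b"\x00"  # session_id length 0
        + struct.pack("!H", len(cipher_suites)) + cipher_suites
        + b"\x01\x00"  # compression methods: null only
    )
    # Handshake header: type 1 = client_hello, 3-byte body length
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body
    # Record header: type 0x16 = handshake, record version 3.1, 2-byte length
    record = b"\x16" + bytes([3, 1]) + struct.pack("!H", len(handshake)) + handshake
    return record


def parse_client_hello_version(record):
    """Return the (major, minor) client_version field from a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    if record[5] != 0x01:
        raise ValueError("not a ClientHello")
    # 5 bytes record header + 4 bytes handshake header, then client_version
    return (record[9], record[10])


def compliant_server(record, supported):
    """Conforming server: pick the highest supported version <= client_version.

    Returns the chosen version name, or None when nothing is mutually
    supported (a real server would send a protocol_version alert).
    """
    client_version = parse_client_hello_version(record)
    candidates = [v for v in supported if TLS_VERSIONS[v] <= client_version]
    if not candidates:
        return None
    return max(candidates, key=lambda v: TLS_VERSIONS[v])


def legacy_server(record, supported):
    """Modelled non-compliant server: rejects any client_version it does not
    itself support instead of negotiating down. Returns None on rejection,
    which is the failure DataPower surfaces as the error in this post.
    """
    client_version = parse_client_hello_version(record)
    name = next((n for n, v in TLS_VERSIONS.items() if v == client_version), None)
    if name not in supported:
        return None  # connection dropped, no negotiated version
    return name


def negotiate(client_max, server, server_supported):
    """Run one Client Hello against a server model; returns the agreed version or None."""
    return server(build_client_hello(client_max), server_supported)


if __name__ == "__main__":
    # Default Crypto Profile (TLS v1.2 on) against a TLS v1.0-only legacy server: fails
    print(negotiate("TLSv1.2", legacy_server, ["TLSv1.0"]))
    # Same Client Hello against a conforming server: negotiates down to TLS v1.0
    print(negotiate("TLSv1.2", compliant_server, ["TLSv1.0", "SSLv3"]))
    # Option 2: only the version the legacy server supports is enabled: succeeds
    print(negotiate("TLSv1.0", legacy_server, ["TLSv1.0"]))
```

Running the block shows the three cases side by side: the default profile fails only against the legacy model, and restricting the offered version is what makes that server accept the handshake. Against the conforming model the restriction is unnecessary, which is a useful way to tell the two classes of server apart before touching the Crypto Profile.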
