What would cause a SSL negotiation to break down?

Asked by c-h-r-i-s-t-o-p-h
Working under the knowledge that traffic is passing normally across a network...

What would cause SSL negotiation to break down between a client and server?

I have observed a client send a "Client Hello" to the server over SSL. Then the server sends an ACK for the "Client Hello" packet. However, the server fails to respond.

Approximately 30 seconds later, the client sends a "Client Hello" to the server via SSLv2. Then the server sends an ACK for the "Client Hello". Then the server sends a "Server Hello" to the client via SSLv3.

Thoughts?
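The capture described above contains two differently framed hellos: an SSLv3/TLS-format ClientHello that got no answer, and an SSLv2-format ClientHello that the server answered with an SSLv3 ServerHello. The parser below, an added example that is not part of the original question or any answer, classifies a captured ClientHello by its record framing and reports the highest protocol version the client offers, so the two sides' expectations can be compared from the sniffer output; the sample packets are constructed here, not taken from the poster's trace.

```python
import struct

VERSION_NAMES = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
                 (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def version_name(v):
    return VERSION_NAMES.get(tuple(v), "unknown %d.%d" % tuple(v))

def parse_client_hello(data):
    """Classify the first record of a captured ClientHello.
    Returns the framing format and the highest protocol version the client offers."""
    if len(data) < 5:
        raise ValueError("record too short")
    if data[0] == 0x16:  # SSLv3/TLS record: type=handshake(22), version, length
        rec_major, rec_minor, rec_len = struct.unpack("!BBH", data[1:5])
        body = data[5:5 + rec_len]
        # Handshake header: msg type (1 = client_hello), 3-byte length, then client_version
        if len(body) < 6 or body[0] != 0x01:
            raise ValueError("not a ClientHello handshake message")
        return {"format": "SSLv3/TLS", "record_version": (rec_major, rec_minor),
                "client_version": (body[4], body[5])}
    if data[0] & 0x80:  # SSLv2 record: 2-byte header with the high bit set
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + rec_len]
        # SSLv2 CLIENT-HELLO: msg type 1, then the highest version the client supports
        if len(body) < 3 or body[0] != 0x01:
            raise ValueError("not an SSLv2 CLIENT-HELLO")
        return {"format": "SSLv2", "record_version": None,
                "client_version": (body[1], body[2])}
    raise ValueError("unrecognised record layout")

# Constructed sample captures (not real traffic): one hello in each framing.
def build_tls_client_hello(version=(3, 1)):
    hello = bytes(version) + b"\x00" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

def build_sslv2_client_hello(version=(3, 0)):
    ciphers, challenge = b"\x00\x00\x2f", b"\x00" * 16
    body = (b"\x01" + bytes(version) + len(ciphers).to_bytes(2, "big")
            + b"\x00\x00" + len(challenge).to_bytes(2, "big") + ciphers + challenge)
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body

if __name__ == "__main__":
    for pkt in (build_tls_client_hello(), build_sslv2_client_hello()):
        info = parse_client_hello(pkt)
        print(info["format"], "hello offering", version_name(info["client_version"]))
```

Feed it the first record of each ClientHello from a packet capture; a server that only answers the SSLv2-framed hello is rejecting the record framing or version of the first one, not the network path.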
Top Expert 2014

Commented:
Are you seeing this across the wire, from the client's perspective, or from the server's perspective?  (where are you?)

Is the server side operating under normal conditions? (any DDOS underway?)
Distinguished Expert 2017

Commented:
A client might support one mode of Secure Communication (SSL1/23 and TLS) while the Server only supports the other (TLS 1.0). This usually means that the server is not configured correctly.
Top Expert 2014

Commented:
I agree with Mod_MarlEE, seems like a homework question.

TLS V1 standard: http://www.ietf.org/rfc/rfc2246.txt

Based on SSL V3. SSL was developed by Netscape; TLS is the RFC'ed public version of SSL.


Author

Commented:
aikimark - I have two separate sniffs running to confirm that the network is behaving normally. One sniff is running on the client's local interface and the other is running on the switchport that the server is directly attached to. It is possible that the server is over-utilized.

arnold - This is my suspicion and specifically what I am attempting to isolate. The server's admin is convinced that it is not his machine, and I am thus attempting to understand the process so that I can help him troubleshoot it.
noci, Software Engineer
Distinguished Expert 2018

Commented:
Here is a starting point for ssl inner workings.
http://www.openssl.org/docs/ssl/ssl.html

The ssl_accept/ssl_connect calls are the ones used to set up a connection.
wiki.cacert.org is a site with a lot of information, esp. about trust around a certificate.
Distinguished Expert 2017
Commented:
Over-utilization of the server will not manifest in the way you describe. The responses will be delayed but not. I think Citrix can be configured to prefer one protocol (TLS/SSL3) versus (SSL1/2). I think a search.
First check the Citrix configuration that it is configured for both SSL and TLS. Then you can confirm the same thing on the client. Do not have a link directly to that, but here is a starting point:
http://support.citrix.com/proddocs/index.jsp?topic=/xenapp6-w2k8-admin/ps-securing-sec-clsrv-conn.html