This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSLv2 Client Hello - Alert (Level: Fatal, Description: Handshake Failure)


Win 2003 / Win 2012 R2 load page error

I have a strange problem with an HTTPS connection. I run the same Tomcat 7 (same config) on two Windows servers, 2003 and 2012. But I fail to access the page on the one on Windows 2012. I found that Windows 2012 fails to respond to the "client hello". I traced the TCP packets; Windows 2003 and 2012 ACK with a different window size (64240 vs 8192). Then the client sends the "client hello" with SSLv2 or TLSv1.1, depending on the server. I suspect it is a problem of the TCP receive size configuration. Please give me some direction on the problem.

asked 23 Jul '15, 01:44


Rocky Shek


One Answer:


The traffic is getting through, it's the server rejecting the connection, possibly it's because the server isn't happy with the ciphers offered by the client in the Client Hello. Later versions of Windows are less tolerant of older versions of SSL and poor ciphers.

Can you post the captures somewhere publicly, e.g. CloudShark, Google Drive, DropBox? We only need the packets from the initial SYN to the Change Cipher Spec or Alert message.

answered 23 Jul '15, 02:32


grahamb ♦

It is strange that my client machine sends a "client hello" with the SSLv2 protocol when connecting to Win 2012, but with TLS to Win 2003. The only difference is the TCP window size. I wonder whether that may affect the communication protocol.

(23 Jul '15, 18:07) Rocky Shek

Here are the packet capture files of my Windows 2003 and Windows 2012 servers, thank you.

https://drive.google.com/open?id=0B5JKgxJqOIn-eFFSeU5teVQ2eGs
https://drive.google.com/open?id=0B5JKgxJqOIn-WDRIdkxZTjZ0dDQ

(23 Jul '15, 18:28) Rocky Shek

That link only seems to have the Server 2003 capture.

(24 Jul '15, 09:29) grahamb ♦

From the captures, the client in the Server 2K3 capture sends a TLS 1.1 handshake record containing a TLS 1.1 Client Hello message which the server is happy with.

In the Server 2K12R2 capture, the client sends an SSL 2.0 record containing a TLS 1.1 Client Hello. Quite rightly, as SSL 2.0 is prohibited, the server rejects the connection.

The solution is to configure the client to use an acceptable version of TLS, i.e. at least TLS 1.1 (as TLS 1.0 isn't recommended these days).

(27 Jul '15, 02:23) grahamb ♦
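The two Client Hello formats described in the comment above, together with the server's Alert that the answer and the question title refer to, as an added example that is not part of the original thread: a small Python decoder that tells an SSLv2-format CLIENT-HELLO record from a TLS-format ClientHello, pulls out the client_version each one carries (the detail Wireshark shows as "SSLv2 Client Hello" versus "TLSv1.1 Client Hello"), and decodes a fatal handshake_failure Alert. Record layouts follow RFC 5246 (section 6.2 for the TLS record, section 7.2 for Alert, appendix E.2 for the SSLv2-compatible hello). The byte strings and the short cipher-suite name table are constructed for this example; they are not taken from the posted captures.

```python
"""Decode the first record of a TLS/SSL handshake: SSLv2-format CLIENT-HELLO,
TLS-format ClientHello, or a TLS Alert.  Layouts per RFC 5246 sections 6.2
and 7.2 and appendix E.2.  All sample bytes below are constructed for this
example (assumption), not taken from real captures."""
import struct

VERSION_NAMES = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
                 (3, 2): "TLSv1.1", (3, 3): "TLSv1.2", (3, 4): "TLSv1.3"}
# A few suite ids, enough for the constructed samples (assumption: not exhaustive).
CIPHER_NAMES = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
                0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
                0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure",
                      70: "protocol_version", 80: "internal_error"}


def version_name(major, minor):
    return VERSION_NAMES.get((major, minor), "unknown(%d.%d)" % (major, minor))


def suite_name(suite_id):
    return CIPHER_NAMES.get(suite_id, "0x%04X" % suite_id)


def parse_client_hello(data):
    """Return the record format, the client_version inside the hello and its suites.

    An SSLv2-compatible hello has the high bit of its first byte set: a 2-byte
    header carrying a 15-bit length and no content-type byte.  A TLS hello
    starts with content type 0x16 (handshake) followed by the record version."""
    if data[0] & 0x80:
        msg_len = ((data[0] & 0x7F) << 8) | data[1]
        if data[2] != 1:                        # 1 = CLIENT-HELLO
            raise ValueError("SSLv2 record is not CLIENT-HELLO (type %d)" % data[2])
        major, minor, cs_len, sid_len, chal_len = struct.unpack(">BBHHH", data[3:11])
        if 9 + cs_len + sid_len + chal_len != msg_len:
            raise ValueError("SSLv2 CLIENT-HELLO length fields disagree")
        specs = data[11:11 + cs_len]
        suites = []
        for i in range(0, cs_len, 3):           # each V2CipherSpec is 3 bytes
            spec = specs[i:i + 3]
            # A leading 0x00 byte means the spec names a TLS suite id; anything else is SSLv2-only.
            suites.append(suite_name(int.from_bytes(spec[1:], "big")) if spec[0] == 0
                          else "SSLv2-only:" + spec.hex())
        return {"record_format": "SSLv2",
                "client_version": version_name(major, minor),
                "cipher_suites": suites}

    content_type, rmajor, rminor, rec_len = struct.unpack(">BBBH", data[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record (content type 0x%02x)" % content_type)
    hs = data[5:5 + rec_len]
    if hs[0] != 1:                              # 1 = ClientHello
        raise ValueError("handshake message is not ClientHello (type %d)" % hs[0])
    major, minor = hs[4], hs[5]                 # client_version follows the 4-byte handshake header
    pos = 6 + 32                                # skip the 32-byte client random
    pos += 1 + hs[pos]                          # skip session_id (1-byte length + bytes)
    cs_len = struct.unpack(">H", hs[pos:pos + 2])[0]
    pos += 2
    suites = [suite_name(int.from_bytes(hs[i:i + 2], "big"))
              for i in range(pos, pos + cs_len, 2)]
    return {"record_format": version_name(rmajor, rminor),
            "client_version": version_name(major, minor),
            "cipher_suites": suites}


def parse_alert(data):
    """Decode a plaintext TLS Alert record (content type 0x15, 2-byte body)."""
    content_type, major, minor, rec_len = struct.unpack(">BBBH", data[:5])
    if content_type != 0x15 or rec_len != 2:
        raise ValueError("not a plaintext Alert record")
    level, desc = data[5], data[6]
    return {"record_version": version_name(major, minor),
            "level": ALERT_LEVELS.get(level, str(level)),
            "description": ALERT_DESCRIPTIONS.get(desc, str(desc))}


# --- constructed samples (assumption: modelled on the RFC layouts, not real packets) ---
def build_v2_hello(version, suite_ids, challenge=b"\x11" * 16):
    specs = b"".join(b"\x00" + s.to_bytes(2, "big") for s in suite_ids)
    body = (bytes([1]) + bytes(version) + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    return struct.pack(">H", 0x8000 | len(body)) + body


def build_tls_hello(record_version, client_version, suite_ids, random=b"\x22" * 32):
    cs = b"".join(s.to_bytes(2, "big") for s in suite_ids)
    body = bytes(client_version) + random + b"\x00" + struct.pack(">H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(record_version) + struct.pack(">H", len(hs)) + hs


# Shape of the 2003 exchange: TLS 1.1 record carrying a TLS 1.1 ClientHello.
TLS_HELLO = build_tls_hello((3, 2), (3, 2), [0xC013, 0x002F, 0x0035])
# Shape of the 2012 R2 exchange: SSLv2 record carrying a TLS 1.1 ClientHello.
V2_HELLO = build_v2_hello((3, 2), [0x002F, 0x0035])
# Server reply: Alert, level fatal (2), description handshake_failure (40).
FATAL_HANDSHAKE_FAILURE = b"\x15\x03\x02\x00\x02\x02\x28"

if __name__ == "__main__":
    for label, pkt in (("2003", TLS_HELLO), ("2012 R2", V2_HELLO)):
        print(label, parse_client_hello(pkt))
    print("2012 R2 reply", parse_alert(FATAL_HANDSHAKE_FAILURE))
```

Run with `python3` and the 2012 R2 sample decodes as record_format SSLv2 with client_version TLSv1.1: the hello advertises TLS 1.1 inside but is wrapped in the old SSLv2 record framing, which is the combination the comment describes. A server that refuses SSLv2 framing has no reason to look at the version inside, so the fatal handshake_failure Alert comes back regardless of which cipher suites are offered; checking the first byte of the client's first record, as this decoder does, is the quickest way to tell that case apart from a genuine cipher-suite mismatch.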

Thank you, I know SSL 2.0 is prohibited and should not be used anymore. But for some reason (some other systems are not administered by me), I cannot turn off SSL 2.0. I just don't understand why my client has different behavior towards 2003 and 2012. The client should not know which OS version the server runs before the "hello" message, right?

(27 Jul '15, 18:17) Rocky Shek

I can't think why a client would "choose" to send SSL 2.0 to a particular server, I would think it's some form of configuration. What is the client running, OS and application?

(28 Jul '15, 02:23) grahamb ♦

Windows 7, IE11, HTTPS application

(28 Jul '15, 17:46) Rocky Shek

I'm not aware of any "per-site" configuration options for IE; you can set "global" options from IE -> Internet Options -> Advanced, where you can enable/disable SSL/TLS protocols. SSL 2.0 and 3.0 should be disabled (maybe TLS 1.0 as well).

(29 Jul '15, 05:38) grahamb ♦