Hello All,
I've got two servers that need to communicate with each other using SSL.
The applications that are supposed to talk to each other are custom
in-house applications.
When I try to connect to the upstream server, you can see the initial
connection established: "Connecting to <upstream server><ip
address>:8443 ... connected".
Then you get "Initiating SSL handshake. SSL handshake failed. Closed fd
3. Unable to establish SSL connection".
The network path between the two servers is rather convoluted - the IP
address of my server gets NATed at least twice, it passes through a
couple of different firewalls, proxy servers, and load balancers. The
upstream server is on a public IP address, but the path to get there is
an internal network that doesn't hit the public internet directly.
As a test with the application administrator, I cloned my server and
moved the cloned copy (VMware servers) to a public IP address and
attempted the connection from there, and it worked without an issue. The
connection was established and it started polling the upstream server
the way it was supposed to. That should indicate that there isn't an
issue with either the server I'm managing or the upstream server, and
the problem must be somewhere in the network in between. (The upstream
server has been up and running for at least a year, so I'm pretty sure
there is no issue with their server itself.)
There are three different tech support groups that I have to deal with to
troubleshoot this issue. They have all monitored the traffic and seen
the initial connection being established, so they believe there is
nothing on their side blocking the traffic, but no one can determine why
the SSL connection keeps failing. But something, somewhere in that
network path, is messing with the network stream when it comes to
processing the SSL packets.
Sorry this post is rather convoluted and long-winded; what I'm hoping
is that someone might suggest what might be happening here that is
messing with the connections (because this is an OpenSSL list and the
problem is related to failing SSL connections). I don't manage or have
control over any of the network devices in between, so all I can do is
suggest something "out of the box" that they might not have thought of
before.
Thanks,
Paul
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
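An added diagnostic example (not from Paul's post and not OpenSSL's own tooling): the Python script below reproduces the two steps the post describes, a TCP connect that succeeds followed by a TLS handshake, but instead of letting the library fail opaquely it sends a real ClientHello over a raw socket and classifies the first bytes that come back, so you can see whether a genuine TLS server answered, a TLS alert was returned, a proxy injected plaintext HTTP, or the stream was simply cut. UPSTREAM_HOST and UPSTREAM_PORT are placeholders to replace with your own upstream server.

```python
import socket
import ssl

# Hypothetical placeholders: substitute the real upstream host and port.
UPSTREAM_HOST = "upstream.example.invalid"
UPSTREAM_PORT = 8443


def build_client_hello(server_name: str) -> bytes:
    """Let OpenSSL (via Python's ssl module) write a real ClientHello record
    into a memory BIO, so we can send it over a raw socket ourselves."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()  # cannot finish yet: no server reply in `incoming`
    except ssl.SSLWantReadError:
        pass
    return outgoing.read()  # the bytes OpenSSL wants to put on the wire


def classify_reply(data: bytes) -> str:
    """Classify the first bytes that came back after our ClientHello."""
    if not data:
        return "empty"          # peer or middlebox closed the socket, no TLS reply
    if data[0] == 0x16 and data[1:2] == b"\x03":
        return "tls-handshake"  # record type 22: a ServerHello is on its way
    if data[0] == 0x15 and data[1:2] == b"\x03":
        return "tls-alert"      # record type 21: the TLS peer rejected the handshake
    if data[:5] == b"HTTP/":
        return "http"           # plaintext HTTP: an intercepting proxy answered instead
    return "garbage"            # neither TLS nor HTTP: the stream was altered in transit


def probe(host: str = UPSTREAM_HOST, port: int = UPSTREAM_PORT, timeout: float = 5.0) -> str:
    """TCP-connect (the step that succeeds in the post), send the ClientHello,
    and report what kind of reply the network path hands back."""
    hello = build_client_hello(host)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        try:
            reply = sock.recv(4096)
        except socket.timeout:
            return "timeout"    # ClientHello swallowed: nothing answered at all
    verdict = classify_reply(reply)
    print(f"{host}:{port} -> {verdict}; first bytes: {reply[:8].hex()}")
    return verdict


if __name__ == "__main__":
    probe()
```

Run it once from the internal host and once from the cloned public-IP host and compare the verdicts; an "http", "garbage" or "empty" result on the internal path, against "tls-handshake" on the public one, points at the device in between rather than at either endpoint.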