help me with handshake logs

Question

Hi,&nbsp;
&nbsp;I'm experienced error while third party was trying to connect to my service using client certificate. &nbsp;
&nbsp;I did tcpdump attached the result.&nbsp;
&nbsp;Can you help me to find the problem.&nbsp;

hoolio · Answer

Hi InfoSec, 
  
 The ssldump output shows the server rejected the client's certificate:

1 7  1293361272.9715 (0.0011)  S&gt;CV3.1(2)  Alert
    level           fatal
    value           handshake_failure

If you can get a copy of the client's cert and key, you could test this yourself.  The first thing I'd try is to use openssl s_client to check that the client cert is valid for the server cert. 
  
 http://www.openssl.org/docs/apps/s_client.html 
  
 Aaron

infosec_38553 · Answer

Thank you very much. 
&nbsp;  
&nbsp; This was very helpful the problem fixed now. 
&nbsp;  
&nbsp; Regards,

hoolio · Answer

Out of curiosity, what was the fix? 
&nbsp;  
&nbsp; Thanks, Aaron

infosec_38553 · Answer

Actually the problem was from the certificate itself signed in wrong way. 
&nbsp; This why it was reject by the server.

Forum Discussion

help me with handshake logs

4 Replies

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

AS3 per-app JSON schema issue

F5 LTM Virtual Server IP NAT Configuration

F5 https monitor receive string

Multiple two-way SSL client Profiles - possible?

AWAF Detection Inconsistency Between Similar Test Payloads

Related Content

SUPER-WEBSOCKET-HANDSHAKE-LOGGER™® (SWHL) iRule

WS-Exfil-Shield: Catching What WAFs Miss After the 101 Handshake

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS