Verify code 0 OK but hand shake fail.

Cirrus

Nov 12, 2014

OpenSSL> s_client -connect 10.50.171.5:7777 -CAfile "F:\irfan-cert\CARoot.cer" Loading 'screen' into random state - done CONNECTED(000000B4) depth=3 CN = Mobilink-PKI-Root verify return:1 depth=2 CN = Mobilink-PKI-SubCA verify return:1 depth=1 DC = pk, DC = net, DC = mobilink, CN = Mobilink-PKI-ISS1 verify return:1 depth=0 C = PK, ST = punjab, L = lahore, O = mobilink, OU = FRF, CN = 10.50.171. 5, emailAddress = abbas.malik@mobilink.net verify return:1 7084:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s 3_pkt.c:1256:SSL alert number 40 7084:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177 : --- Certificate chain 0 s:/C=PK/ST=punjab/L=lahore/O=mobilink/OU=FRF/CN=10.50.171.5/emailAddress=abba s.malik@mobilink.net i:/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 1 s:/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 i:/CN=Mobilink-PKI-SubCA 2 s:/CN=Mobilink-PKI-SubCA i:/CN=Mobilink-PKI-Root 3 s:/CN=Mobilink-PKI-Root i:/CN=Mobilink-PKI-Root --- Server certificate -----BEGIN CERTIFICATE----- MIIF0TCCBTqgAwIBAgIKLNi+LAABABv8OzANBgkqhkiG9w0BAQUFADBfMRIwEAYK CZImiZPyLGQBGRYCcGsxEzARBgoJkiaJk/IsZAEZFgNuZXQxGDAWBgoJkiaJk/Is ZAEZFghtb2JpbGluazEaMBgGA1UEAxMRTW9iaWxpbmstUEtJLUlTUzEwHhcNMTQx MTA1MTE1MjAzWhcNMTUwMzI1MDY0MzQ1WjCBjzELMAkGA1UEBhMCUEsxDzANBgNV BAgTBnB1bmphYjEPMA0GA1UEBxMGbGFob3JlMREwDwYDVQQKEwhtb2JpbGluazEM MAoGA1UECxMDRlJGMRQwEgYDVQQDEwsxMC41MC4xNzEuNTEnMCUGCSqGSIb3DQEJ ARYYYWJiYXMubWFsaWtAbW9iaWxpbmsubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GN ADCBiQKBgQCmsoRDy/xBlj0cN1X/V7On63Nr8+SoH58Vnx6Fszv4BvWafjVbmo4S P35SNKN/azzHf5WnvFvsk/u2Rl1942qKR6UEY4utbPwo9GhM4LX3FX4z1ufLJiWk xJOaux1t9iNqQTwVFhVhrommr4Qt3oWLIdnEzr+CUK5WUezD7E0lNQIDAQABo4ID YTCCA10wHQYDVR0OBBYEFBEr2m+i79e6Qyrxrp7qXT6c2Dm8MB8GA1UdIwQYMBaA FAzu6jXBTbHN96A6WMH6x+4k2DBuMIIBWgYDVR0fBIIBUTCCAU0wggFJoIIBRaCC AUGGgcRsZGFwOi8vL0NOPU1vYmlsaW5rLVBLSS1JU1MxLENOPU1PQklMTkstSVNT MSxDTj1DRFAsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMs Q049Q29uZmlndXJhdGlvbixEQz1tb2JpbGluayxEQz1uZXQsREM9cGs/Y2VydGlm aWNhdGVSZXZvY2F0aW9uTGlzdD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1 dGlvblBvaW50hkRodHRwOi8vbW9iaWxuay1pc3MxLm1vYmlsaW5rLm5ldC5way9D ZXJ0RW5yb2xsL01vYmlsaW5rLVBLSS1JU1MxLmNybIYyaHR0cDovL2NlcnQubW9i aWxpbmsubmV0L1BraS9Nb2JpbGluay1QS0ktSVNTMS5jcmwwggE+BggrBgEFBQcB AQSCATAwggEsMIG3BggrBgEFBQcwAoaBqmxkYXA6Ly8vQ049TW9iaWxpbmstUEtJ LUlTUzEsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZp Y2VzLENOPUNvbmZpZ3VyYXRpb24sREM9bW9iaWxpbmssREM9bmV0LERDPXBrP2NB Q2VydGlmaWNhdGU/YmFzZT9vYmplY3RDbGFzcz1jZXJ0aWZpY2F0aW9uQXV0aG9y aXR5MHAGCCsGAQUFBzAChmRodHRwOi8vbW9iaWxuay1pc3MxLm1vYmlsaW5rLm5l dC5way9DZXJ0RW5yb2xsL01PQklMTkstSVNTMS5tb2JpbGluay5uZXQucGtfTW9i aWxpbmstUEtJLUlTUzEoMSkuY3J0MAsGA1UdDwQEAwIFoDA8BgkrBgEEAYI3FQcE LzAtBiUrBgEEAYI3FQiDstUxz68uhZWBLYKT9VSG65EGAIWgvAqEwb1PAgFlAgEE MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBsGCSsGAQQBgjcVCgQOMAwwCgYIKwYBBQUH AwEwDQYJKoZIhvcNAQEFBQADgYEA4SoS7d+2saQmx3n2/d+eoBJDzagrYQYGJFle QH4vykZTmT4TIayMEJOqYq5fIUcZ6UlMYIDW5Uyiwa0iObXTi+1FA1ZB1extnPfl CAv4Rqs0V2HA5vzmS3Ge8aJ0KjJXXlZOZCHpAG3pJsdVZLtWbCu/8pRAOd8iGRgh PdNNXJg= -----END CERTIFICATE----- subject=/C=PK/ST=punjab/L=lahore/O=mobilink/OU=FRF/CN=10.50.171.5/emailAddress=a bbas.malik@mobilink.net issuer=/DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 --- Acceptable client certificate CA names /DC=pk/DC=net/DC=mobilink/CN=Mobilink-PKI-ISS1 /CN=Mobilink-PKI-SubCA /CN=Mobilink-PKI-Root --- SSL handshake has read 6337 bytes and written 198 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1.2 Cipher : RC4-SHA Session-ID: 16FA60494CC614EA972C45C5784E64ECAB0E0296F931240BC0F30F65B34E2918 Session-ID-ctx: Master-Key: 519B4A6034B66FDC409514D6659ACFEECEC60E8B295D7E0FF7D96B3C74889071 594D5530DF2C9E6823BD0838687761EE Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1415789671 Timeout : 300 (sec) Verify return code: 0 (ok) --- error in s_client OpenSSL>

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Verify code 0 OK but hand shake fail.

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

RDP Webtop deployment

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Single LTM with multiple GTM domains

irule execution error

Related Content

F5 self IP TLS/SSL hand shake fail with tcp port node member

Verifying Local Traffic Policy and iRule Precedence

why the device certificate verify failed when the device certificate is not expired?

Verified Design: SSL Orchestrator with McAfee Web Gateway-Part 1

Verified Design: SSL Orchestrator with Palo Alto NGFW Virtual Edition-Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS