Page 1 of 1

SSL Handshake Failed

Posted: Thu Oct 26, 2017 10:16 am
by Landon_Luko
There's a site I'm trying to validate using Batch Wizard. The site works fine when I go to it manually; however, when I run Batch Wizard, I keep getting the same error:
Failed Count: 1, Error: 10053, Status: 404, Reason: SSL handshake failed - error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name. This target will not be processed (tried 3 times).
I've tried everything I can think of, and I can't seem to find something related to this error on this forum or the main website. Is there a way I can fix this?

Thanks

Re: SSL Handshake Failed

Posted: Thu Oct 26, 2017 5:22 pm
by Albert Wiersch
Hello,

Are you able to send me a Batch Wizard target list containing a URL that can be used to reproduce the problem?

I think your server is rejecting the request for some reason, but I'm not sure why.

Re: SSL Handshake Failed

Posted: Fri Oct 27, 2017 11:08 am
by Landon_Luko
For some reason, I can't send it to you via this forum. I just emailed you the list file.

Re: SSL Handshake Failed

Posted: Fri Oct 27, 2017 2:12 pm
by Albert Wiersch
Thank you. I received the target list and ran it without any problems but my run was limited to 20 targets.

Is there a specific URL that is causing the problem?

I also received this information from someone who knows more about SSL issues than I do:
SSL handshake failures are difficult to diagnose, despite the seemingly extensive error messages.

Most of the time, handshake errors are down to incompatible ciphers and protocols, the server might have ancient support and the client demands
modern protocols, or vice versa.

'unrecognized name' might relate to Server Name Indication which was not supported with SSL, only TLS.

The best diagnostic is put the remote host name into an SSL server test tool, like:

https://www.ssllabs.com/ssltest/

which will throw hundreds of SSL packets are the server and generate an extensive report it's capabilities, or lack of them. This will almost
certainly explain what is wrong.
Can you run the URL/sever through the test at https://www.ssllabs.com/ssltest/ and let me know if that helps? Perhaps the web server needs to be updated.

If none of this helps then please provide more details and the results of the SSL test.