[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23
Blumenthal, Uri - 0553 - MITLL
uri at ll.mit.edu
Mon Apr 24 22:19:44 UTC 2017
> Handshake failed
>
> The SSL handshake could not be performed.
>
> Host: <remote host name> Reason: error:14094416:SSL
> routines:ssl3_read_bytes:sslv3 alert certificate unknown:state
> 23:Application response 500 handshakefailed
>
> <Our Service Desk ext. number>
> generated 2017-04-24 15:28:13 by webwasher4
> Java/1.8.0_112
Webwasher is your proxy right?

Yes. (

So it is clearly webwasher that is
generating this error message (it says so in the text above!). The
OpenSSL error contained in this text occurs when the remote peer sends a
fatal alert to the local endpoint. So it looks to me like your proxy has
initiated a TLS connection to the remote host but the remote host has
rejected the handshake and sent back a "certificate unknown" fatal alert.

A certificate unknown alert has the following description in the RFCs:

    certificate_unknown
        Some other (unspecified) issue arose in processing the
        certificate, rendering it unacceptable.

So, my guess is that the remote host has requested a client certificate
(i.e. client auth) and your proxy has been unable to provide it.

Understood, thanks!
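
The reading given in the thread, that this error reports a fatal alert sent by the remote peer, can be checked from the packed error code itself. The sketch below is an added example, not code from the thread or from OpenSSL; it assumes the pre-3.0 (1.0.x/1.1.x) packing of library, function and reason into the eight hex digits, and the function name `decode_openssl_error` is hypothetical.

```python
import re

# Constructed sample: the error text from the proxy page above, joined onto one line.
SAMPLE = ("error:14094416:SSL routines:ssl3_read_bytes:"
          "sslv3 alert certificate unknown")
# Constructed contrast: a certificate verify failure raised by the local endpoint.
LOCAL_SAMPLE = ("error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:"
                "certificate verify failed")

ERR_LIB_SSL = 20             # 0x14, the SSL library
SSL_AD_REASON_OFFSET = 1000  # added by OpenSSL to the alert number received from the peer

# Alert descriptions from RFC 5246 section 7.2 (subset relevant to handshake triage).
TLS_ALERTS = {
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    48: "unknown_ca", 49: "access_denied", 70: "protocol_version",
}

def decode_openssl_error(text):
    """Unpack the 8-hex-digit error code (assumed pre-3.0 layout) found in text."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", text)
    if m is None:
        raise ValueError("no OpenSSL error code found")
    code = int(m.group(1), 16)
    lib = (code >> 24) & 0xFF      # top 8 bits: library
    func = (code >> 12) & 0xFFF    # middle 12 bits: function
    reason = code & 0xFFF          # low 12 bits: reason
    result = {"lib": lib, "func": func, "reason": reason,
              "origin": "local", "alert": None}
    # SSL-library reasons 1000..1255 mean "the peer sent this alert to us".
    if lib == ERR_LIB_SSL and 0 <= reason - SSL_AD_REASON_OFFSET < 256:
        number = reason - SSL_AD_REASON_OFFSET
        result["origin"] = "peer"
        result["alert"] = (number, TLS_ALERTS.get(number, "unknown"))
    return result

if __name__ == "__main__":
    for line in (SAMPLE, LOCAL_SAMPLE):
        print(decode_openssl_error(line))
```

For the code in this thread the reason field is 0x416 (1046), i.e. alert 46 received from the peer, whereas the contrast sample decodes to a reason below 1000 and is therefore a failure detected on the local side.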