[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Apr 24 21:18:09 UTC 2017

I use a 3rd-party application that is trying to update itself (so it’s trying to “call home”). Naturally, I’m behind a corporate firewall and Web proxy. The app has been configured to use that proxy. It fails to connect. Packet capture reveals the following:

Handshake failed

The SSL handshake could not be performed.

Host: <remote host name>
Reason: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:state 23:Application response 500 handshakefailed

<Our Service Desk ext. number>
generated 2017-04-24 15:28:13 by webwasher4 

I must be dense today (and please, no comment about how this state might be more permanent than that (), but I can’t figure even which peer is complaining. Is it the local end (aka the application) that doesn’t like the proxy’s certificate? Is it the Web proxy that doesn’t like the remote host certificate? Or is it the remote end that doesn’t like the proxy’s certificate?

I can connect to the remote host via browser just fine…

Uri Blumenthal
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5211 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170424/5ff7c188/attachment.bin>

More information about the openssl-users mailing list