[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

Blumenthal, Uri - 0553 - MITLL uri at ll.mit.edu
Mon Apr 24 22:19:44 UTC 2017


    > Handshake failed
    > 
    > The SSL handshake could not be performed.
    > 
    > Host: <remote host name> Reason: error:14094416:SSL
    > routines:ssl3_read_bytes:sslv3 alert certificate unknown:state
    > 23:Application response 500 handshakefailed
    > 
    > <Our Service Desk ext. number>
    > generated 2017-04-24 15:28:13 by webwasher4
    > Java/1.8.0_112 
    
    Webwasher is your proxy right?

Yes. (


    So it is clearly webwasher that is
    generating this error message (it says so in the text above!). The
    OpenSSL error contained in this text occurs when the remote peer sends a
    fatal alert to the local endpoint. So it looks to me like your proxy has
    initiated a TLS connection to the remote host but the remote host has
    rejected the handshake and sent back a "certificate unknown" fatal alert.
    
    A certificate unknown alert has the following description in the RFCs:
    
       certificate_unknown
          Some other (unspecified) issue arose in processing the
          certificate, rendering it unacceptable.
    
    So, my guess is that the remote host has requested a client certificate
    (i.e. client auth) and your proxy has been unable to provide it.
    
Understood, thanks! 
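The error string quoted above can be unpacked mechanically. The following is an added example, not part of the original thread or of OpenSSL: it assumes the 8-hex-digit error code layout used by OpenSSL 1.0.x/1.1.x (library, function, reason), and the function name `decode_openssl_error` is hypothetical.

```python
import re

# TLS alert descriptions from RFC 5246, section 7.2 (subset).
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    50: "decode_error", 51: "decrypt_error", 70: "protocol_version",
    71: "insufficient_security", 80: "internal_error",
    90: "user_canceled", 100: "no_renegotiation",
}

ERR_LIB_SSL = 20             # library number of the SSL module
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number for peer alerts


def decode_openssl_error(text):
    """Unpack the first 'error:XXXXXXXX' code found in text.

    Assumes the pre-3.0 packing: 8 bits library, 12 bits function,
    12 bits reason. Returns None if no such code is present.
    """
    m = re.search(r"error:([0-9A-Fa-f]{8})\b", text)
    if m is None:
        return None
    code = int(m.group(1), 16)
    info = {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "peer_alert": None,       # alert number received from the peer
        "peer_alert_name": None,
    }
    # SSL reasons above the offset encode an alert the peer sent to us.
    if info["lib"] == ERR_LIB_SSL and info["reason"] > SSL_AD_REASON_OFFSET:
        alert = info["reason"] - SSL_AD_REASON_OFFSET
        info["peer_alert"] = alert
        info["peer_alert_name"] = TLS_ALERTS.get(alert, "unknown")
    return info


if __name__ == "__main__":
    # Error text as quoted in the proxy's message above.
    sample = ("error:14094416:SSL routines:ssl3_read_bytes:"
              "sslv3 alert certificate unknown:state 23")
    print(decode_openssl_error(sample))
```

For the code in this thread the reason field is 1046, i.e. alert 46 (`certificate_unknown`) sent by the remote host, which is why the fix has to be sought in what the proxy presents to that host rather than in the local OpenSSL build.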