Handler: Connection closing on SSL failure

I really need a "Complete Mug's Guide to Understanding SSL Error Log Messages" book.

This one has been annoying me for a fair while on all the Fireboxes (at least the ones that allow browsing)..

Here is the complete extract:
**2020-10-15 08:09:44 pxy 0x17f09c00-24388 58: -> [A t] {B}: Accept SSL Error [ret 0 | SSL err 0 | Peer closed the channel] Domain: www.google.com PFS: ALLOWED | ALLOWED

2020-10-15 08:09:44 https-proxy 0x17f09c00-24388 58: -> [A t] {B} | 59: -> [B t] {X}[]: Handler: Connection closing on SSL failure (Domain: www.google.com**

As far as I can tell, google works.. At least I can search and even go to www.google.com without any problems.. When I click on the padlock in the browser all seems okay..

Any suggestions?

p.s. The original team that came up with this certificate-based security solution should have been burnt at the stake as soon as they opened their mouths.. It is a complex, messy and nasty solution.

Adrian from Australia


  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    From what I see here, B channel (the firewall connecting to the distant resource) the distant end closed the connection.

    If it was Google, they may be experimenting with TLS 1.3, which isn't fully out yet.

    If that is what's happening, the connection should retry, and work as TLS 1.2 with PFS, and just be fine.

    If you want to experiment:
    type: "chrome://flags/#tls13-variant"
    Set TLS 1.3 to disabled.

    Type "about:config"
    Search for tls.version.
    Set security.tls.version.max to 3.
    (4 is TLS 1.3)

    as root, in terminal, run:
    defaults write /Library/Preferences/com.apple.networkd tcp_connect_enable_tls13 0
    (1 is enabled)

    -James Carson
    WatchGuard Customer Support

  • Options

    Thank you James.. I will have a play with this in the morning..

    Adrian from Australia

Sign In to comment.