Server sent fatal alert: handshake_failure

sudhanshubhasin · November 2, 2021, 11:40am

Safari 8 / OS X 10.10
Error: Server sent fatal alert: handshake_failure
Tested site on SSLLabs and they also confirmed with error SSL 3 INSECURE

My domain is: lensbazaar.com

I ran Test on SSLLabs.com:

It produced this output: Safari 8 / OS X 10.10
Error: Server sent fatal alert: handshake_failure

My web server is (include version): apache

The operating system my web server runs on is (include version): Redhat 8

My hosting provider, if applicable, is: Dedicated

I can login to a root shell on my machine (yes or no, or I don't know): YES

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Webmin

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot

rg305 · November 2, 2021, 4:43pm

Hi @sudhanshubhasin and welcome to the LE community forum

If you don't service any such older clients, then there is no need to worry.

If you do service such clients, then you need to understand why they can't "handshake".
The client is only able to handle these outdated/weak ciphers:

If you are to serve them, you must include at least one of those ciphers (not recommended).
The recommendation is always to update the clients - lowering the security on your server is not as good as raising the security of the client.

If you do have to turn any of those on, try these first:

sudhanshubhasin · November 3, 2021, 1:33am

ÒK and how do I turn on any of those cipher ?

rg305 · November 3, 2021, 3:30am

Look within your apache configuration for SSLCipherSuite.
Also check this site for "best practice" examples: https://ssl-config.mozilla.org/

system · December 3, 2021, 3:31am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.