Table of Contents
2
Home » Wiki » How to Fix the SSL Handshake Failed Error

How to Fix the SSL Handshake Failed Error

by | SSL Errors

How to Fix the SSL Handshake Failed Error

What Does SSL Handshake Failed Error Mean?

The SSL (Secure Sockets Layer) handshake failed error occurs when your browser is unable to establish a secure connection with a website. This is often caused by misconfigured SSL certificates or other SSL-related issues on the server side.

This error prevents you from being able to access the website and can be frustrating to deal with. However, in most cases, the SSL handshake failed error can be fixed by following some troubleshooting steps.

Understanding SSL Handshake

To understand how to fix the SSL handshake failed error, you first need to understand what an SSL handshake is and why the failure occurs.

An SSL handshake is the process that establishes an encrypted connection between a web server and a browser. Here are the steps in an SSL handshake:

  • The browser connects to the server requesting a secure page (usually https).
  • The web server sends its SSL certificate to the browser. This certificate contains the server’s public key needed to begin the secure session.
  • The browser checks whether the certificate is valid and is signed by a trusted Certificate Authority (CA). It also verifies the certificate matches the website domain.
  • If the certificate is valid, the browser generates a symmetric session key and encrypts it with the server’s public key. It then sends this encrypted session key back to the server.
  • The server decrypts the symmetric key using its private key.
  • Both sides use this symmetric key to encrypt and decrypt all communications going forward. This allows for fast and secure transmission of data.

The SSL handshake fails if any step in this process goes wrong. Common errors include an expired certificate, domain name mismatch, self-signed certificate, or the server not supporting SSL encryption.

Also Read: Fix NETERR_CERT_REVOKED Certificate Error

10 Easy Steps to Fix the SSL Handshake Failed Error

Fixing these issues can resolve the SSL handshake failed error.

Step 1 – Check the Error Message

The first step is to check the specific error message you’re getting on your browser. This will give clues on what is causing the SSL handshake failure.

On Chrome, click the lock icon > Certificate > Details tab. The error will be under ‘Connection Status’.

On Firefox, click the lock icon > More Information > View Certificate > Details tab. The error reason will be shown here.

Common error messages include:

  • “SSL peer certificate or SSH remote key was not OK” – The certificate is invalid.
  • “Server sent fatal alert: handshake failure” – Issues with cipher suites or TLS versions.
  • “SSL received a record that exceeded the maximum permissible length” – Problem with web server settings.
  • “Error code: SSL_ERROR_SYMANTEC_INT” – Problem with Symantec/Norton antivirus intercepting SSL connections.

Knowing the exact error message helps troubleshoot the issue faster.

Step 2 – Check the Website Certificate

The next step is to examine the website’s SSL certificate that is causing issues. Click the lock icon in the browser’s address bar and view the certificate details.

Check the following:

  • Is it expired? Certificates have an expiry date set by the issuing CA. If expired, it needs to be updated.
  • Does the domain match? The certificate should match the website domain name. If not, it needs to be reissued for the correct domain.
  • Is it trusted? The certificate should be signed by a trusted CA like Comodo or Symantec. If you see an unfamiliar CA or “self-signed”, it means the certificate is untrusted.
  • Does it use old standards? Check if it uses outdated hashing like SHA-1 or encryption like RSA 1024-bit instead of 2048-bit. This could indicate the website needs to renew its SSL certificate.

Identifying any issues with the certificate can help resolve the SSL handshake failure.

Step 3 – Clear Browser Cache

An easy first troubleshooting step is to clear your browser cache and force a refresh of the website’s SSL certificate.

Follow these steps:

On Chrome

  • Click the 3-dot menu > Settings > Privacy and security > Clear browsing data.
  • Choose a time range and select Cookies, Cache, and Hosted app data.
  • Click Clear data.

On Firefox

  • Click the 3-line menu > Options > Privacy & Security > Cookies and Site Data.
  • Click Clear Data and clear Cache and Cookies.

Now reload the website and see if the SSL error persists. Clearing the cache removes any corrupt certificate files cached locally so the browser is forced to freshly load it from the server.

Step 4 – Check Server Configuration

If the error continues, the issue may be due to incorrect SSL configuration on the web server. The website owner will need to double check the following:

  • SSL Protocol Support: The server should enable TLS 1.2 and 1.3, and disable older SSL protocols like TLS 1.0 and 1.1 which have vulnerabilities. Outdated protocols can cause the handshake to fail.
  • Cipher Suites: Weak ciphers like DES, 3DES, RC4 should be removed. Only strong ciphers like AES 128/256 bit and SHA2 should be enabled.
  • Certificate Installed: The SSL certificate should be properly installed on the server. All required intermediate/chain certificates should also be installed.
  • Port Configuration: The web server should be correctly configured to listen on port 443 for HTTPS requests.
  • Virtual Hosts: If using multiple domains, each should have its own certificate with proper bindings.
  • Application Conflicts: Some applications like Skype and antivirus can bind to port 443 causing conflicts.

Checking for any misconfigurations like these on the server side can help resolve the SSL handshake failure.

Step 5: Temporarily Disable Antivirus

Some security software and antivirus products can interfere with SSL connections leading to handshake failures. One solution is to temporarily disable your antivirus and retry accessing the website.

Follow these general steps:

  • Open antivirus settings and look for an option to disable web filtering or web scanning features.
  • Some antiviruses may have exclusions where you can add the problematic domain as an exclusion.
  • Fully disabling the antivirus shields is another option for troubleshooting.
  • Restart the browser after making the changes.

If the website now works properly, it indicates the antivirus was causing the issue. You can enable the shields again and try adding the domain to the antivirus exclusions list as a permanent fix.

Step 6: Use a Different Browser

Try accessing the problematic website using an alternate browser. For example, if you normally use Chrome, test with Firefox or Edge.

This helps determine if the SSL handshake issue is isolated to just one browser or widespread.

  • If the error occurs on all browsers, it indicates there is a system-wide problem with your network, antivirus, or the server’s certificate itself.
  • However, if another browser can load the site fine, then the issue is local to your default browser’s certificate store or settings.

You can either continue using the working browser as a temporary fix or troubleshoot your main browser further.

Step 7: Flush DNS

Domain Name System (DNS) issues can sometimes lead to SSL handshake failures. Flushing your DNS cache forces your system to re-query DNS and retrieve new hostname mappings.

Follow these basic steps to flush DNS:

On Windows

  • Open Command Prompt as Administrator
  • Run the command: ipconfig /flushdns

On Mac

  • Open Terminal
  • Run the command: sudo killall -HUP mDNSResponder

On Linux

  • Open Terminal
  • Run the command: sudo /etc/init.d/nscd restart

Now retry loading the website to see if a fresh DNS lookup resolves the SSL issue.

Step 8: Renew IP Address

If you have a dynamic IP address from your ISP, renewing it can help mitigate SSL issues caused by IP conflicts or stale DNS cache upstream.

To renew your public IP on Windows, Mac, or Linux:

  • Disconnect from your internet for a few minutes. This releases your current IP lease.
  • Reconnect your internet and your router will be assigned a new public IP by the ISP.

Once you have a new IP, try accessing the website again to see if the SSL handshake works.

Step 9: Use a VPN or Proxy

As a workaround, you can route your traffic through a VPN or proxy service to bypass any SSL connectivity issues caused by your network or ISP.

A VPN encrypts your connection and sends your traffic through an alternate server, making it appear you are accessing the website from a different location and network.

A proxy acts as an intermediary that fetches resources on your behalf. So the SSL handshake happens between the proxy and server instead of your browser.

Using a paid VPN provider or free public proxy can help determine if the SSL issue is isolated to your own network or ISP. Access the website through the VPN/proxy: if it works fine, then get your network connectivity checked.

Step 10: Contact Web Hosting Support

If you have tried the above steps and are still facing the handshake failure, it is time to contact the website owner or web hosting provider for further troubleshooting.

Conclusion

SSL handshake failures can be frustrating when trying to access secure websites. However, with some diligent troubleshooting and diagnosis of the issue, they can often be resolved. Check for problems with the server certificate validity and configuration. Try browser-level fixes like clearing cache and using alternate browsers or VPNs. For persistent issues, engage the website hosting provider to inspect server settings and logs closely to identify and correct the cause of failure.

With a systematic approach, the handshake can be completed successfully again allowing access to the HTTPS website. Proper SSL configuration is crucial for secure internet connections, so persistence pays off when troubleshooting these kinds of errors.

Frequently Asked Questions

Why do I get SSL handshake failure with some websites but not others?

If it occurs with some sites but not all, it usually indicates an issue with those particular servers’ SSL configuration like an outdated cipher suite or expired certificate. The websites that work fine have properly configured SSL.

Is SSL handshake failure the same as SSL certificate error?

No, they are slightly different. An SSL certificate error means specifically there is an issue with the certificate such as expiration, domain mismatch or untrusted root CA. SSL handshake failure is a more general connection issue that can also be caused by protocol or network problems.

Related Articles:

How to Fix Entitlement.diagnostics.office.com Certificate ErrorHow to Fix Entitlement.diagnostics.office.com Certificate Error How to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in ChromeHow to Fix NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM Error in Chrome How to Fix NET:ERR_CERT_AUTHORITY_INVALID in Google ChromeHow to Fix NET:ERR_CERT_AUTHORITY_INVALID in Google Chrome?