Troubleshooting : Solutions by issue type : Connectivity issues : Checking the SSL/TLS handshake & encryption
Checking the SSL/TLS handshake & encryption
If the client is attempting to make an HTTPS connection, but the attempt fails after the connection has been initiated, during negotiation, the problem may be with SSL/TLS. Symptoms may include error messages such as:
(Mozilla Firefox 9.0.1)
Error 113 (net::ERROR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.
(Google Chrome 16.0.912.75 m)
The handshake is between the client and FortiADC. If the connection cannot be established, verify that the browser supports one of the key exchanges, encryption algorithms, and authentication (hashes) offered by FortiADC.
If you are not sure which cipher suites are currently supported, you can use SSL tools such as OpenSSL to discover support. For example, you could use this client-side command to know whether the server or FortiADC supports strong (HIGH) encryption:
openssl s_client -connect -cipher HIGH
or supports deprecated or old versions such as SSL 2.0:
openssl s_client -ssl2 -connect