Dropped due to failed client SSL handshake

thariq · March 13, 2023, 6:53am

Team,

Anyone have faced this error “Dropped due to failed client SSL handshake” ?

GordonWright · March 13, 2023, 10:11am

Some kind of certificate error caused by broken\expired\revoked certificate or incorrect SSL inspection policy being applied.

thariq · March 13, 2023, 10:13am

Hi Gordon,

Thanks. Does this mean any issue at Client SSL handshake initiation?

GordonWright · March 13, 2023, 10:14am

Yes I think that’s what it means.

ramesh.mani1 · March 13, 2023, 5:41pm

Check the website without zscaler as well. This may be because of web server misconfiguration as well

bclark-gc · March 15, 2023, 1:46am

I’m seeing this a lot now too. And it works fine when not connecting through ZIA, so it’s not a website problem.

Even more strangely, I’m seeing it for connections to courier.push.apple.com and I have that host excluded from SSL inspection.

ramesh.mani1 · March 15, 2023, 3:41am

SSL errors can happen on the client-side or the server-side. Involve support team and ask them to capture the packet at Zscaler end and do the same at client end. So that we can see the ciphers and other parameters used, negotiation status which will give more insights.

mohan_sai · March 15, 2023, 9:14pm

I do see this error logs , frequently for application specific destination
By Passing the SSL inspection temporarily fixed the issue