Dropped due to failed client SSL handshake


Anyone have faced this error “Dropped due to failed client SSL handshake” ?

Some kind of certificate error caused by broken\expired\revoked certificate or incorrect SSL inspection policy being applied.

Hi Gordon,

Thanks. Does this mean any issue at Client SSL handshake initiation?

Yes I think that’s what it means.

Check the website without zscaler as well. This may be because of web server misconfiguration as well

I’m seeing this a lot now too. And it works fine when not connecting through ZIA, so it’s not a website problem.

Even more strangely, I’m seeing it for connections to courier.push.apple.com and I have that host excluded from SSL inspection.

SSL errors can happen on the client-side or the server-side. Involve support team and ask them to capture the packet at Zscaler end and do the same at client end. So that we can see the ciphers and other parameters used, negotiation status which will give more insights.

I do see this error logs , frequently for application specific destination
By Passing the SSL inspection temporarily fixed the issue