The SSL handshake error is the failure of communication between the server and client by using the SSL protocol. This can be caused by factors on the client-side as well as from the server-side. Following are mainly reported to cause the handshake error:
Update the Browser to the Latest Build
The browser may show the SSL_error_handshake_failure_alert if it is outdated as it can lead to incompatibility with different websites. Here, updating the browser to the latest version may solve the problem. For elucidation, we will discuss the process for the Google Chrome browser. But before that, if the problematic website requires a cryptographic device or card to identify the user, make sure the proper driver of the device is installed and being used.
Delete the Problematic Certificate in the Browser’s Certificate Manager
If the website’s certificate in the browser’s certificate manager is corrupt, then the browser may throw an SSL_error_handshake_failure_alert. In this scenario, a user can solve the problem by deleting the problematic website’s certificate in the browser’s settings. For elucidation, we will discuss the process for the Firefox browser. If that did not work, then check if using another network or network type (e.g., if encountering an issue on ethernet, then using Wi-Fi) solves the problem.
Clear the Browser’s Cookies, Cache, and Data
If any of the browser’s cookies, cache, and data are corrupt, then the browser may show an SSL handshake error. In this context, clearing the browser’s cookies, cache, and data may solve the SSL error at hand. For elucidation, we will discuss the process of clearing the cookies, cache, and data of the Chrome browser.
Try Another Browser
The SSL_error_handshake_failure_alert could be a result of a bug in the browser in use. Here, using another browser may let the user access the problematic website without issue.
Reset the System’s Internet Options to the Defaults
On a Windows machine, the Internet Options cover many of the basic settings used by the OS and applications to access the Internet. A mere misconfiguration of the Internet Options or if its certificate manager is corrupt, then resetting the Internet Options to the defaults may solve the problem.
Add the Website as Trusted in the Browser
If the issue is still there, then adding the website as trusted in the browser may solve the problem. For illustration, we will guide you through the process on the Firefox browser. Warning: Advance at your own risk as adding a risky website as trusted in the browser’s settings may expose data, system, and network to the threats.
Edit the Browser’s Security Settings
The SSL handshake error could be a result of a poor configuration of the problematic website and editing the browser’s security may let a user access the website in question. For elucidation, we will discuss the process for the Firefox browser. Warning: Proceed at your own risk as editing the browser’s security settings may expose your system, data, and network to threats.
Reinstall the Burp Suite
If your organization is using the Burp Suite to safely test and analyze its web applications, then a misconfiguration of the Burp Suite may lead to the SSL handshake failure alert. In this case, reinstalling the Burp Suite may solve the problem.
Use the Certificate in the Program Files Directory for Gemalto/Thales DIS CMS
If your organization is using a Gemalto (or now known as Thales DIS) application/CMS, then using its certificate from the Program Files, not from the Program Files (X86) may solve the problem as the 64-bit client browsers look for the certificate in the 64-bit directory of the Program Files. For illustration, we will discuss the process for the Firefox browser.
Add an Exception for the Website in the Java’s Security
If the website requires Java on a client machine but Java “thinks” the website unsafe, then it may lead to the browser’s SSL handshake error. Here, adding an exception for the website in Java’s security may solve the problem.
Disable or Uninstall the Antivirus/Firewall of the System
A browser may show the SSL handshake failure alert if the antivirus of the system is changing the website data in a way that the browser does not “think” safe. In such a case, disabling the antivirus/firewall of your system may clear the SSL handshake error. Kaspersky is reported to cause the issue under discussion. Warning: Advance at your own risk as disabling or uninstalling the antivirus or firewall of a system, may expose your data, system, and network to threats.
Disable the Antivirus/Firewall of the System
Uninstall the 3rd Party Antivirus/Firewall
If disabling the antivirus/firewall did not work, then uninstalling the antivirus/firewall solve the problem. If your organization is using a hardware firewall console, then make sure the cable connecting the hardware firewall to the system is the one recommended by the firewall OEM as incompatible cable may trigger the SSL handshake failure alert in a browser.
Re-Add the Problematic Certificate
If the problematic website requires a certificate installed on the system (either provided through the email or downloaded from an online resource) and the certificate is not properly installed on the system, then reinstalling the certificate on the system may solve the problem. Firstly, make sure to download or export the problematic certificate. If the certificate is not shown in the proper tab of the Certificate Manager or cannot be reinstalled, you may refer to the official Microsoft page that explains the process in detail.
Import the Certificate to Firefox
If you are encountering the issue with the Firefox browser, then keep in mind that Firefox does not use many of the certificates in the OS certificate manager and the user may have to import the certificate to the Firefox. If the issue is still there, then you may contact the problematic website to check if their security settings are properly working. If your organization’s infrastructure is using older hardware, then you may use an older OS (like XP) in a VM to access the problematic devices.
Guidelines for Server-Related Issues
As it is practically impossible to cover the server-related causes (different machines, different devices, different applications, etc.) leading to the handshake error at hand, here are some guidelines reported by users to clear out the handshake error:
Fix: Can’t Type into Text Fields on Some BrowsersFix: ‘Sec_Error_Reused_Issuer_And_Serial Warning’ Error on BrowsersFix: ‘about:invalid#zClosurez’ Error on BrowsersHow to Fix Netflix Error Code M7053-1803 on Chromium-Based Browsers
