HTTPS Handshake: SSL Handshake failure with error 252 in logs
03/26/2020
The error message HTTPS Handshake: SSL Handshake failure with error 252 is generated in the logs when logging into the SonicWall management interface and/or when trying to connect to UTM SSL-VPN.
The log message is generated when the SSL Handshake between the client (browser or NetExtender) and the SonicWall fails.
Error 252 indicates that the handshake failed because the SSL/TLS protocol version proposed by the client (in its Client Hello) was rejected by the SonicWall. The version proposed by the client could be higher or lower than what the SonicWall supports.
In firmware versions SonicOS 220.127.116.11 and SonicOS 18.104.22.168 and above, TLSv1.0 and SSLv3.0 are disabled by default. The browser used for logging into the SonicWall may not support TLSv1.1 or TLSv1.2, or may have those protocols disabled.
Ideally, no changes need to be made on the SonicWall. The client browser must have TLSv1.1 and TLSv1.2 enabled. All current browsers have these enabled by default.
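To confirm that a failing client really has no protocol version in common with the appliance, the versions can be read out of its Client Hello from a packet capture. The following is an added example, not SonicWall code: the function names, the constructed sample messages and the `SERVER_ENABLED` set (taken from the defaults described above) are assumptions, and the model ignores clients that refuse to negotiate below their maximum version.

```python
import struct

NAMES = {0x0300: "SSLv3.0", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SERVER_ENABLED = {"TLSv1.1", "TLSv1.2"}   # assumption: defaults described on this page

def offered_versions(record: bytes) -> list[str]:
    """Return the protocol versions offered by a ClientHello TLS record."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    body = record[9:9 + int.from_bytes(record[6:9], "big")]
    legacy = int.from_bytes(body[0:2], "big")
    pos = 34                                             # client_version + random
    pos += 1 + body[pos]                                 # session_id
    pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
    pos += 1 + body[pos]                                 # compression_methods
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        if ext_type == 43:  # supported_versions: explicit list replaces the legacy field
            codes = [int.from_bytes(data[i:i + 2], "big")
                     for i in range(1, 1 + data[0], 2)]
            return [NAMES.get(c, hex(c)) for c in codes]
        pos += 4 + ext_len
    # No extension: client_version is the highest version the client speaks.
    return [n for c, n in sorted(NAMES.items(), reverse=True) if c <= legacy]

def common_versions(record: bytes, enabled=SERVER_ENABLED) -> list[str]:
    """Versions both sides could use; an empty list means a version mismatch."""
    return [v for v in offered_versions(record) if v in enabled]

def build_client_hello(legacy: int, supported=None) -> bytes:
    """Constructed sample input for this example, not a real capture."""
    ext = b""
    if supported:
        lst = b"".join(v.to_bytes(2, "big") for v in supported)
        ext = struct.pack(">HHB", 43, len(lst) + 1, len(lst)) + lst
    body = (legacy.to_bytes(2, "big") + bytes(32) + b"\x00"   # version, random, session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"               # one cipher suite, null compression
            + len(ext).to_bytes(2, "big") + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```

An empty result from `common_versions` covers both cases the article mentions: a client that tops out at TLSv1.0 (too low) and a client that offers only TLSv1.3 (too high).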
If you wish to enable TLS 1.0, you may do it thus.
CAUTION: Enabling TLS 1.0 is considered insecure. The following workaround is only a suggestion.
NOTE: This configuration change requires the SonicWall to be restarted, so warn your users of the brief loss of network connection.