HTTPS Handshake: SSL Handshake failure with error 252 in logs
03/26/2020
The error message "HTTPS Handshake: SSL Handshake failure with error 252" appears in the logs when logging in to the SonicWall management interface and/or trying to connect to UTM SSL-VPN.
The log message is generated when the SSL Handshake between the client (browser or NetExtender) and the SonicWall fails.
Error 252 indicates that the SSL/TLS protocol version offered by the client (in its Client Hello) was rejected by the SonicWall. The version offered by the client could be higher or lower than what the SonicWall supports.
In firmware versions SonicOS 18.104.22.168 and SonicOS 22.214.171.124 and above, TLSv1.0 and SSLv3.0 are disabled by default. The browser used for logging in to the SonicWall may not support TLSv1.1 or TLSv1.2, or those protocols may be disabled in it.
Ideally, no changes need to be made on the SonicWall. The client browser must have TLSv1.1 and TLSv1.2 enabled. All current browsers have these enabled by default.
If you wish to enable TLS 1.0, you can do so as follows.
CAUTION: Enabling TLS 1.0 is considered insecure. The following workaround is only a suggestion.
NOTE: This configuration change requires the SonicWall to be restarted, so warn your users of the brief loss of network connection.
- Log in to the SonicWall management port
- In the address bar, change the URL to https://<yourIPAddress>/diag.html
- Click on Internal Settings
- Scroll down to the Encryption Settings section
- Clear the check box under Disable TLSv1 (this is checked by default)
- Enable the option "Enable High Secure Cipher Suite Support"
- Restart the SonicWall.
After the above, try logging in again and check whether you still see the log message.