- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
HTTPS Handshake: SSL Handshake failure with error 252 in logs
03/26/2020 
24 People found this article helpful
200,800 Views
Description
The error message HTTPS Handshake: SSL Handshake failure with error 252 is generated in Logs when logging into the SonicWall management interface and/or trying to connect to UTM SSL-VPN.
Cause
The log message is generated when the SSL Handshake between the client (browser or NetExtender) and the SonicWall fails.
The error # 252 indicates that the failure is due to the SSL / TLS Protocol version suggested by the client (in its Client Hello) was rejected by the SonicWall. The SSL / TLS version suggested by the client could be higher or lower than what SonicWall supports.
In firmware versions SonicOS 5.9.1.1 and SonicOS 6.2.5.3 and above, TLSv1.0 and SSLv3.0 are disabled by default. The browser used for logging into the SonicWall may not support TLSv1.1 or TLSv1.2 or the said protocols are disabled.
Ideally, no changes need to be done in the SonicWall. The client browser must have TLSv1.1 and TLSv1.2 enabled. All latest browsers have this enabled by default.
Resolution
If you wish to enable TLS 1.0, you may do it thus.
CAUTION: Enabling TLS 1.0 is considered insecure. The following workaround is only a suggestion.
NOTE: This configuration change will require the SonicWall to be restarted, therefore warn your users the brief loss of network connection.
- Login to the SonicWall management port
- In the address bar, change the URL to https://<yourIPAddress>/diag.html
- Click on Internal Settings
- Scroll down to the Encryption Settings section
- Disable the check box under Disable TLSv1 (by default this is checked)
- Enable the option "Enable High Secure Cipher Suite Support"
- Restart the SonicWall.
After the above, try login again and check whether you see the log message.
Related Articles
- Bandwidth usage and tracking in SonicWall
- How to force an update of the Security Services Signatures from the Firewall GUI
- Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.
Categories
- Firewalls > TZ Series
- Firewalls > SonicWall SuperMassive E10000 Series
- Firewalls > SonicWall SuperMassive 9000 Series
- Firewalls > SonicWall NSA Series
YES
NO