Damion Brown's Blog

D97A 07F3 DCB1 302D

Unexplained TLS Handshake Failure


  • Sat 25 November 2017
  • Debug

This was a multifunction copier (MFC) failing scan to email. A packet capture shows a fatal error in the early stages of TLS negotiation.

I was never able to find the exact cause of the failure. The MFC was an effective black-block so unfortunately there was no access to verbose logs.

The packet capture shows a standard RFC5246 TLS handshake with compatibile protocol version 0x0301 and cipher 0x0035 between the server and client. Despite this the MFC terminated the connection.

You can download a pcap of this sequence here. If you figure out the root cause let me know - I'd love to solve this.


Screencaps


Full TCP Sequence.

Fig1. The full sequence.


Client Hello.

Fig2. The client hello.


Server Hello, Cert requests, and Server Done.

Fig3. The server hello, certificate requests, and server done.


Handshake Failure.

Fig4. The handshake fatal error.


You can download a pcap of this sequence here.