SSL issues
We can divide all SSL issues into two categories: handshake failures and
poor performance.
SSL handshake failures are due to one or more of the following reasons:
Expired certificates: When the SSL server-side certificate has expired, you
need to ask the service provider to update the SSL certificate. When you
update an SSL certificate, it is a leading practice not to reuse the old
Certificate Signing Request (CSR) to request the new certificate. Always
produce a new CSR with a new certificate key that meets the latest mandate
on key length. The present recommendation for SSL certificate key
length is 2048.
Wrong site domain: The most common site-domain mistake is using
mysitedomain.com instead of www.mysitedomain.com, or vice versa,
in the URL address.
Missing Certificate Authority (CA) in the trust store: Install the root and
intermediate CA certificates into the trust store of the SSL client
application. In client-server authentication (two-way SSL) implementations,
there is a trust store at the server side as well.
Missing cipher suite: The client and server are not able to find a common
cipher suite to use for encrypting the communication. This usually happens
when one end is using an outdated SSL implementation. Install the missing
cipher suites or update the SSL implementation.
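The four causes above can be told apart from the error a client raises during the handshake. The following is an added example, not code from the original text: it uses Python's standard `ssl` module, and the function names `classify` and `diagnose` and the category strings are assumptions made for illustration.

```python
import socket
import ssl

# OpenSSL certificate-verification codes mapped to the categories in the text.
VERIFY_CODE_CATEGORY = {
    10: "expired certificate",        # X509_V_ERR_CERT_HAS_EXPIRED
    62: "wrong site domain",          # X509_V_ERR_HOSTNAME_MISMATCH
    2: "missing CA in trust store",   # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT
    19: "missing CA in trust store",  # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "missing CA in trust store",  # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "missing CA in trust store",  # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
}

# Handshake error reasons that most commonly mean the two ends share no
# cipher suite, or that one end runs an outdated implementation.
CIPHER_REASONS = {
    "NO_SHARED_CIPHER",
    "NO_CIPHERS_AVAILABLE",
    "SSLV3_ALERT_HANDSHAKE_FAILURE",
    "UNSUPPORTED_PROTOCOL",
    "TLSV1_ALERT_PROTOCOL_VERSION",
}


def classify(verify_code=None, reason=None):
    """Map an OpenSSL verify code or error reason to a failure category."""
    if verify_code is not None:
        return VERIFY_CODE_CATEGORY.get(verify_code, "other certificate error")
    if reason and reason.upper() in CIPHER_REASONS:
        return "missing cipher suite"
    return "other handshake failure"


def diagnose(host, port=443, timeout=5.0):
    """Attempt a verified handshake with host and name the failure category."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "handshake ok"
    except ssl.SSLCertVerificationError as exc:  # subclass of SSLError: test first
        return classify(verify_code=exc.verify_code)
    except ssl.SSLError as exc:
        return classify(reason=exc.reason)
    except OSError as exc:
        return f"not an SSL failure: {exc}"
```

Run `diagnose()` from the machine that hosts the failing client application, since the result depends on that machine's trust store and SSL library.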
Poor SSL performance is usually caused by not configuring an SSL cache. It is a
leading practice to implement an SSL cache at the web server(s) or to leverage
SSL offload to an L4 switch.