Fix: Error During SSL Handshake With Remote Server

Improperly configured server will give you various SSL errors

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • To fix errors during SSL handshake, adjust the Apache server proxy settings properly.
  • Ensure that both the client and the server are using the same protocols.
error during ssl handshake with remote server

Error during SSL handshake with the remote server will prevent the client from communicating with a server, making an online service or web app inaccessible.

If you’re hosting a service online, this is a major issue, so it’s crucial to fix the problem as soon as possible. This guide will show you a few ways to do so.

This error message occurs when a client can’t establish a secure connection with the server, thus giving a handshake error. The most common cause for this issue is your server’s SSL settings and expired certificates. You might get this error if both the server and the client don’t use the same protocols.

How do I fix error during SSL handshake with remote server?

1. Change Apache settings

  1. Open the command line tool and access the server.
  2. Now run the following command: sudo nano /etc/apache2/sites-available/your-site.conf
  3. Make sure the following lines are available in the config file:
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

  4. Save changes.

2. Check allowed protocols

  1. Open the command line and run the following command: sudo nano /etc/apache2/sites-available/your-site.conf
  2. Next, configure the value as follows: SSLProxyProtocol all -SSLv2 -SSLv3 -TLSv1
  3. Save changes.
  4. In case you’re still having problems, make sure that values for SSLProxyCipherSuite are properly set.

3. Generate the self-signed certificate again

  1. Start the terminal once again.
  2. Once you connect to the server, run the following: openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ssl.key -out ssl.crt
  3. This will generate the new certificate for your server.

This method works if you have previously generated a self-signed certificate on the server.

4. Modify the rproxy.conf file

  1. Open the terminal and run the following command: nano rproxy.conf
     
  2. Make sure you add the following line: SetEnv proxy-sendchunked 1
  3. Save changes.

You may also try to:

  • Force the proxy to set the compression to none. This can help if the proxy isn’t working with gzip.
  • Configure the application to use HTTP internally. This applies only if you’re using a local server for testing purposes.

Tips to prevent errors during SSL handshake

  • Ensure the SSL certificate provided by the server is valid, and check intermediate certificates in the chain. Try to use certificates issued by a trusted certificate authority.
  • Ensure that the certificate’s common name and subject alternate name match the hostname.
  • Check the protocols and ensure that both the client and the server are using compatible protocol versions. Also, check server and client SSL/TLS configuration.
  • Keep the SSL libraries up to date at all times.
  • Ensure that your firewall isn’t blocking port 443, which is used for SSL/TLS.

These steps should help you fix The proxy server could not handle the request reason: error during SSL handshake with remote server. In most cases, the issue is related to Apache configuration, and you need to adjust your server settings accordingly.

In case you don’t fix this error, you’ll get Handshake failed returned SSL error code 1 or SSL_error_handshake_failure_alert message in your browser. Due to problems with SSL, many reported that Chrome says not secure even if the certificate is valid, but that can be easily fixed.

As for those worried about solving the ?gws_rd=ssl error on Google in no time, clearing the browsing and deleting unwanted add-ons are just two methods described in our dedicated guide. Don’t hesitate to check it out.

Did you manage to fix this issue? If so, share with us what solution worked for you.

More about the topics: server, SSL error