Archived Forum Post

Index of archived forum posts

Question:

HTTP SSL/TLS Connect Failure

Jan 11 '16 at 08:52

We are suddenly getting this error message for something that has always worked:

PostXml:
    DllDate: Oct 30 2012
    UnlockPrefix: xxx
    Username: xxx
    Architecture: Little Endian; 32-bit
    Language: ActiveX
    VerboseLogging: 0
...

  numBytesRequested: 5
  Connection closed by connected peer.
  Failed to read beginning of SSL/TLS record.
  Failed to read incoming handshake messages. (1)
  Client handshake failed. (3)
  Failed to connect.

...


Answer

This error likely indicates that the server was upgraded to become more secure and changed it's list of TLS cipher suites that it is willing to accept. It is likely that the old version of Chilkat being used (DllDate: Oct 30 2012) does not offer any of the cipher suites accepted by the server.

Updating to the latest version of Chilkat should solve the problem because Chilkat offers many more cipher suites now than in years past.

What happens internally is this: The TLS handshake begins with the TLS client (Chilkat) sending a TLS ClientHello message to the server. The ClientHello lists the TLS cipher suites supported by the client. If the server finds no acceptable cipher suite, then it either closes the connection or sends a TLS alert and then closes the connection. The "Failed to read beginning of SSL/TLS record" error message is Chilkat trying to read the server's ServerHello message, but instead the server closed the connection.