I am having an issue with the following error that is baffling us, SSL routines:ssl3_read_bytes:sslv3 alert handshake failure. We are running SSL Forward Proxy service. This error is presented on the Juniper Forward Proxy log and at the remote server (example jpg.nyctmc.org). The remote server has sslv3 disabled according to vendor and testing seems to validate that also from ssllabs.com report. The error occurs on the SSL-I segment (https://www.screencast.com/t/iIgyKufxGYy) to the remote server.
This does not happen to all traffic, only certain remote secured servers like the example listed earlier. The forward proxy works fine with the few exceptions. I am not sure if this has anything to do with sslv3 or that is just a generic error. SSLv3 has been deprecated 2023-04-06_15-40-17
Anyone have any inputs on the error on SSL Forward Proxy?
Log from SRX1500 Proxy:
Appliance: Juniper SRX1500
JunOS: 21.2R3-S2.9 (https://www.screencast.com/t/kNu3xLWZz2iI)
Cluster: Yes
Service: SSL Forward Proxy (https://www.juniper.net/documentation/us/en/software/junos/application-identification/topics/topic-map/security-ssl-proxy.html)
Remote Server certificate: Not SNI
Remote Server SSLv3: Disabled
Juniper SSLv3: Disabled via shell on httpd and also ran - unset ssl sslv3
CEC Juniper Community
Cipher Suites: Both end has compatible latest cipher suites
------------------------------
Frank Cheung
------------------------------