Error while connecting to SSL/TLS site behind UTM (SSL handshake incomplete)

We're having some trouble connecting to a site whose static resources are hosted on an Akamai server. One of the resources we cannot load while behind the firewall is:

https://static2.e-cadeiras.com.br/logo-ecadeiras.png

I've discarded Web Protection after going through Policy Helpdesk. Then I tried to connect with curl in verbose mode. While behind the firewall, the process gets stuck during the SSL handshake:

$ curl -v https://static2.e-cadeiras.com.br/logo-ecadeiras.png
* timeout on name lookup is not supported
* Trying 23.76.252.73...
* TCP_NODELAY set
* Connected to static2.e-cadeiras.com.br (23.76.252.73) port 443 (#0)
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 194 bytes...
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: failed to receive handshake, need more data

On the other hand, while connected directly to the internet gateway:

$ curl -v static2.e-cadeiras.com.br/logo-ecadeiras.png
* timeout on name lookup is not supported
* Trying 23.216.192.221...
* TCP_NODELAY set
* Connected to static2.e-cadeiras.com.br (23.216.192.221) port 443 (#0)
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 194 bytes...
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: encrypted data length: 4022
* schannel: encrypted data buffer: offset 4022 length 4096
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: encrypted data buffer: offset 5046 length 5046
* schannel: encrypted data length: 100
* schannel: encrypted data buffer: offset 100 length 5046
* schannel: received incomplete message, need more data
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: encrypted data buffer: offset 1969 length 5046
* schannel: sending next handshake data: sending 126 bytes...
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: encrypted data buffer: offset 258 length 5046
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 3/3)
* schannel: stored credential handle in session cache
> GET /logo-ecadeiras.png HTTP/1.1
> Host: static2.e-cadeiras.com.br
> User-Agent: curl/7.54.0
> Accept: */*
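
Added example, not part of the original post: a short Python parser that reduces the two curl traces above to the point where each handshake stopped. The trace excerpts are trimmed copies of the post's output; the function names, and the reading of any "encrypted data buffer" line as evidence that server bytes arrived, are assumptions of this example.

```python
import re

# Trimmed copies of the two `curl -v` traces from the post (sample input).
BEHIND_UTM = """\
* Connected to static2.e-cadeiras.com.br (23.76.252.73) port 443 (#0)
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 1/3)
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
"""
DIRECT = """\
* Connected to static2.e-cadeiras.com.br (23.216.192.221) port 443 (#0)
* schannel: sent initial handshake data: sent 194 bytes
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 2/3)
* schannel: failed to receive handshake, need more data
* schannel: encrypted data buffer: offset 4096 length 4096
* schannel: sending next handshake data: sending 126 bytes...
* schannel: SSL/TLS handshake complete
* schannel: SSL/TLS connection with static2.e-cadeiras.com.br port 443 (step 3/3)
"""

def summarize(trace):
    """Reduce a curl schannel trace to the facts that locate a stall."""
    peer = re.search(r"Connected to \S+ \(([\d.]+)\) port \d+", trace)
    sent = re.search(r"sent initial handshake data: sent (\d+) bytes", trace)
    steps = [int(n) for n in re.findall(r"\(step (\d)/3\)", trace)]
    return {
        "ip": peer.group(1) if peer else None,
        "client_hello_bytes": int(sent.group(1)) if sent else 0,
        # Assumption: this line is only logged once bytes were read from the peer.
        "server_data_seen": "encrypted data buffer" in trace,
        "last_step": max(steps, default=0),
        "complete": "SSL/TLS handshake complete" in trace,
    }

def diagnose(s):
    if s["ip"] is None:
        return "TCP connection not established"
    if s["complete"]:
        return "handshake complete"
    if not s["client_hello_bytes"]:
        return "ClientHello not sent"
    if not s["server_data_seen"]:
        return "ClientHello sent, no server handshake data received"
    return "handshake stalled after partial server response"

if __name__ == "__main__":
    for name, trace in (("behind UTM", BEHIND_UTM), ("direct", DIRECT)):
        print(name, summarize(trace)["ip"], "->", diagnose(summarize(trace)))
```

On these traces the summary also shows that the two runs connected to different server addresses, which is worth ruling in or out before concentrating on the firewall's TLS handling.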

