cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question
abihsot__
Nickel

Mobile Access portal problem

Hi Guys,

Have anyone encountered such error in trace logs between gateway and backend server:

[LOGGER_CURL_INFO/] |11:25:28.998| TLSv1.2 (OUT), TLS alert, Server hello (2):
[LOGGER_CURL_INFO/] |11:25:28.998| SSL read: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac, errno 0
[LOGGER_CURL_INFO/] |11:25:28.998| Closing connection 0
[LOGGER_CURL_INFO/] |11:25:28.998| TLSv1.2 (OUT), TLS alert, Client hello (1):

This happens on both R80.10 and R80.20 any JHF.

Gateway is a VM on esx.

Due to this error some files are partially downloaded, hence the webpage is broken.

6 Replies
Admin
Admin

Re: Mobile Access portal problem

The error suggests the SSL/TLS negotiation is failing.

What happens when you access the site in question without going through MAB?

Can you validate the TLS version used by your browser?

0 Kudos
abihsot__
Nickel

Re: Mobile Access portal problem

Hi Dameon,

Thanks for reply. Going directly to website - no problem. Connection is established using TLS1.2. By the way, forgot to mention:

* Using R77.30 works fine

* R80.10 MAB - I get this error with multiple web apps. This suggests it is not specific to that particular website.

0 Kudos
abihsot__
Nickel

Re: Mobile Access portal problem

During the event in tcpdump I can see rst flag is sent by gateway. But why?

I have done so far:

* changed TLS1.2 ciphers

* downgraded to TLS1.1 and TLS1.0

* Installed GW in different VLAN.

* tested with all vmware network adapter types

Admin
Admin

Re: Mobile Access portal problem

I would open a TAC case so we can troubleshoot this.

How To Open a Case with TAC and/or Account Services

0 Kudos
abihsot__
Nickel

Re: Mobile Access portal problem

Been there too Smiley Happy case is open for months now with almost no progress Smiley Sad I was thinking giving a shot here

0 Kudos
Admin
Admin

Re: Mobile Access portal problem

Please send me the SR in a Private Message.