WebSitePulse Knowledge Base

Force SSL version


Some HTTPS servers support only specific versions of the SSL and TLS protocols and might report errors during the SSL/TLS handshake. The WebSitePulse monitoring agent will try to auto-detect the supported protocol versions but this test will fail in some cases. To make sure that the monitoring agent uses a supported SSL/TLS version you can configure your target using the "Force SSL version" parameter. Currently this parameter accepts the following options:

  • No - default SSL handshake will be used
  • TLSv1 - forces the agent to use TLSv1 when negotiating the secure connection with the server
  • SSLv3 - forces the agent to use SSLv3 when negotiating the secure connection with the server
  • SSLv2 - forces the agent to use SSLv2 when negotiating the secure connection with the server. Please notice that SSLv2 is considered insecure and is being deprecated.

Forcing the SSL/TLS version can help you resolve the following issues:
  • TLS Long handshake issues - some servers are unable to respond to TLS connections whose initial requests (sent by a client) exceeds 255 bytes
  • SSLv2 handshake not supported - some servers will not respond to SSLv2 compatible handshake. For backward compatibility our agent will use an SSLv2 compatible hello message with the option to upgrade the protocol. If the server rejects the handshake the test fails.

Forcing the connection to use SSLv3 should resolve the most frequent SSL/TLS handshake issues, however it will not help if the agent is receiving SSL read/write errors which are mostly network related.



Similar topics

Knowledge base

Frequently asked questions
Search:

How would you rate the quality of this content?

12345
Poor  Outstanding

Tell us why you rated the content this way.


Current rating: 2.43


12345