SSL/TLS Handshake through Firewall issues

derekxero
Posts: 4
Joined: 2019/10/07 17:31:35

SSL/TLS Handshake through Firewall issues

Post by derekxero » 2019/10/07 18:58:56

Not sure if this belongs in networking section / what's causing the issue:

I have a CentOS machine acting as a firewall / router, and another machine connected to it. The main firewall / router machine can access the internet (http/https) with no issues. The machine connected to it has its settings / interface configured properly, can ping websites, other networked machines, etc.

The proper ports, services, sources, and firewall rules are configured so that the connected machine(s) should be able to access the internet. When I try to navigate to an unencrypted / http webpage, I get a 403 forbidden error. When I try to navigate to an encrypted / https webpage, I get an unrecognized certificate / issuer error, I select 'Add Exception', and then get an SSL/TLS Handshake Failure.

I can't think of what might be causing the issue. The primary firewall / router machine doesn't have difficulty accessing the internet / websites.

aks
Posts: 2829
Joined: 2014/09/20 11:22:14

Re: SSL/TLS Handshake through Firewall issues

Post by aks » 2019/10/08 17:03:08

> When I try to navigate to an unencrypted / http webpage, I get a 403 forbidden error.

Who is returning this? Is it the router machine? If so that's where the problem is.


> When I try to navigate to an encrypted / https webpage, I get an unrecognized certificate / issuer error,

What certificate do you get? Is it self signed? Is it for a different domain? etc....

> I select 'Add Exception', and then get an SSL/TLS Handshake Failure.

Yeah, don't do that.

Sounds like DNS (your side of the router) ain't working properly and/or you're trying to intercept TLS at the router.

dunch
Posts: 61
Joined: 2018/11/07 13:48:53
Location: Yorkshire

Re: SSL/TLS Handshake through Firewall issues

Post by dunch » 2019/10/09 07:34:49

Does your firewall/router machine have a proxy server running? Are you trying to access the web through this proxy?

addmin
Posts: 8
Joined: 2019/05/07 10:16:11

Re: SSL/TLS Handshake through Firewall issues

Post by addmin » 2019/10/10 06:15:19

derekxero wrote (2019/10/07 18:58:56):
> Not sure if this belongs in networking section / what's causing the issue:
>
> I have a CentOS machine acting as a firewall / router, and another machine connected to it. The main firewall / router machine can access the internet (http/https) with no issues. The machine connected to it has its settings / interface configured properly, can ping websites, other networked machines, etc.
>
> The proper ports, services, sources, and firewall rules are configured so that the connected machine(s) should be able to access the internet. When I try to navigate to an unencrypted / http webpage, I get a 403 forbidden error. When I try to navigate to an encrypted / https webpage, I get an unrecognized certificate / issuer error, I select 'Add Exception', and then get an SSL/TLS Handshake Failure.
>
> I can't think of what might be causing the issue. The primary firewall / router machine doesn't have difficulty accessing the internet / websites.

A 403 is caused when the accessed website has denied permission to the client, or the router has. If both have permitted it, check the firewall of the machine in the LAN; even that has an inbuilt firewall. If ping is successful, then service type icmp is not blocked. If none of the http sites are accessible, it means you need to add http in service type. Try curl with verbose to get the actual error. You can also try:

```bash
firewall-cmd --list-all
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload
firewall-cmd --list-all
```
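
Added example, not part of any post in this thread: a small shell helper that condenses `curl -v` output taken on the LAN client into the answers asked for above (who returned the 403, which certificate was presented, whether it is self-signed). The sample output, the host names and the `ExampleProxy` server value are constructed, and `field` and `triage_curl` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Summarises `curl -v` output taken on the
# LAN client: who answered, and which certificate was presented.
# Live use (-k only so curl prints the certificate it was handed):
#   curl -skv -o /dev/null https://HOST/ 2>&1 | triage_curl HOST

# Constructed sample; host names and the Server value are placeholders.
SAMPLE='* Server certificate:
*  subject: CN=gateway.lan.example
*  start date: Jan  1 00:00:00 2019 GMT
*  issuer: CN=gateway.lan.example
> GET / HTTP/1.1
< HTTP/1.1 403 Forbidden
< Server: ExampleProxy/1.0
< Via: 1.1 gateway.lan.example'

# field PREFIX: value of the first line starting with PREFIX (case-insensitive).
field() {
    awk -v p="$1" 'tolower(substr($0, 1, length(p))) == tolower(p) {
        v = substr($0, length(p) + 1); sub(/^[ \t]+/, "", v); print v; exit }'
}

triage_curl() {
    local host="$1" out status subject issuer
    # Drop CRs and normalise "*<tab or spaces>" so differently indented curl output matches.
    out="$(tr -d '\r' | sed 's/^\*[[:space:]]*/* /')"
    status=$(printf '%s\n' "$out" | sed -n 's/^< HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p' | tail -n 1)
    subject=$(printf '%s\n' "$out" | field '* subject:')
    issuer=$(printf '%s\n' "$out" | field '* issuer:')
    echo "status=${status:-none}"
    echo "server=$(printf '%s\n' "$out" | field '< server:')"
    echo "via=$(printf '%s\n' "$out" | field '< via:')"
    echo "cert_subject=${subject:-none}"
    echo "cert_issuer=${issuer:-none}"
    # Identical subject and issuer means the certificate is self-signed.
    if [ -n "$subject" ] && [ "$subject" = "$issuer" ]; then
        echo "self_signed=yes"
    else
        echo "self_signed=no"
    fi
    # Literal substring test only; wildcard or SAN-only certificates need a manual look.
    case "$subject" in
        *"$host"*) echo "host_in_subject=yes" ;;
        *)         echo "host_in_subject=no" ;;
    esac
}

printf '%s\n' "$SAMPLE" | triage_curl www.example.org
```

A `via` value or a certificate subject naming the router rather than the requested site points at the router machine as the source of the response.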
