Wednesday, April 1, 2015

"Network Error (Connection hangup) on Back interface"-Solution

In DataPower  firmware version 7 most of the SSL proxy profile objects have been affected with the titled error. All the certificates are validated even though you would see the Connection Hangup error.
The main reason for this error is,

  • Crypto Profile object in DataPower have the series of open SSL options which modify the behavior of SSL hand shake, 
  • From version 7 DataPower supporting the TLS v1.1 and 1.2 protocols. As we all know SSL is being replaced by TLS due its high security, but most of the servers are still using the combination of SSl v3.0 and TLS 1.0 for the SSL negotiation. 
  • There are explicit options available on the crypto profile object to disable the TLS v1.1 and 1.2 if these options not checked then the SSL handshake will take the highest security protocol TLS 1.1 or TLS 1.2 by default and cannot complete the SSL handshake due the server was expecting the SSL v3 and TLS 1.0.


Solution: Check the Disable TLS v1.1 and TLS v1.2 options. By default they were enabled. If the server is configured with TLS v1.1 and v1.2  capability then you wouldn't find this issue at all.


Posted by at

7 comments:

  1. SohamJune 29, 2015 at 11:31 AM

    Thanks for the info.

    ReplyDelete
  2. UnknownDecember 22, 2015 at 3:02 PM

    Can you please advise that how did you come to conclusion that to disable TLS1.1 and 1.2?

    ReplyDelete
    Replies
    1. srivatsavaDecember 23, 2015 at 5:41 PM

      I have checked the backend server SSL connection options and got to know handshake is failing at protocol negotiation.Then i have read the version 7 documentation on SSL crypto profile update.Then i have understand above scenario.

      Delete
  3. UnknownJanuary 12, 2017 at 3:18 PM

    Thanks , this helped to resolve the issue

    ReplyDelete
  4. ShashankMarch 12, 2019 at 7:32 AM

    We have to enable "Disable TLS Version 1.1" and "Disable TLS Version 1.2" toggles or we have disable those toggles? Other than these what might be the possible solutions other than these. Can you guide me?

    ReplyDelete
  5. Gary T. ThomasApril 22, 2019 at 2:48 AM

    This is my first time i visit here. I found so many interesting stuff in your blog especially its discussion. From the tons of comments on your articles, I guess I am not the only one having all the enjoyment here! keep up the good work Is Amway Legitimate Business Or Another Pyramid Scheme

    ReplyDelete
  6. Benjamin S. WilsonJuly 9, 2021 at 1:16 AM

    i love reading this article so beautiful!!great job! bookmetoday.com

    ReplyDelete

Subscribe to: Post Comments (Atom)