Re: Strange Error on SSL Connections "Dropping Connections"

joncole · 02-08-2012

i have the same problem- MAPI sessions are not being accelerated, however other traffic is:

May 25 02:25:22 BFCORVB01 sport[30650]: [ssl/CliInitial.WARN] 3457 {10.16.20.99:4687 194.110.237.33:80} Unknown ssl record: perhaps of sslv2 protocol or a non-ssl protocol, could also be a misaligned packet or a wrong length field So inserting a rule to bypass all future connections between th

May 25 02:25:22 BFCORVB01 sport[30650]: [ssl/CliInitial.WARN] 3457 {10.16.20.99:4687 194.110.237.33:80} e current client-server pair and flagging an error on the current connection

May 25 02:25:22 BFCORVB01 sport[30650]: [ssl/CliInitial.WARN] 3457 {10.16.20.99:4687 194.110.237.33:80} Temporarily disabling interception of SSL for 194.110.237.33:80 - Protocol format used by the connection is neither SSLv3 nor TLSv1

May 25 02:25:41 BFCORVB01 sport[30650]: [ping/client.ERR] 0 {- -} Timed out while connecting to peer 208.86.138.187:7810 from 10.16.20.2:0

luisphellipe · 06-24-2008

Thanks Bob for your attention.. Well, before this happened the following errors:

May 26 11:12:07 steelhead-remoto sport: 133989 {10.28.12.75:1249 10.1.3.22:443} Unknown ssl record: perhaps of sslv2 protocol or a non-ssl protocol, could also be a misaligned packet or a wrong length field So inserting a rule to bypass all future connections between the
May 26 11:12:07 steelhead-remoto sport: 133989 {10.28.12.75:1249 10.1.3.22:443} current client-server pair and flagging an error on the current connection
May 26 11:12:07 steelhead-remoto sport: 133989 {10.28.12.75:1249 10.1.3.22:443} Temporarily disabling interception of SSL on this client-server pair because: Protocol format used by the connection is neither SSLv3 nor TLSv1

I fixed just configuring the Web Browser... In advanced options (Internet Explorer for example) has the options: SSL2, SSL3 and TLS1. I just unclicked the SSL2 and solved the problem.

The riverbed doesn't support the SSL2 and the configuration SSL2 on browsers need to stay disabled.

I really was scared about the problems with "Dropping Connections". But you clarified!!!

Thanks Bob

Cheers,

bgilbert · 02-28-2007

Hi Felipe,

The notice level message "dropping connection" by itself is not bad and there should be no cause for alarm. This situation is relatively normal and at this point, all application data has passed through the system and were just dealing with Steelhead to Steelhead communication.

However, if this message is preceded by specific warning-level messages then there could be a problem. Do you see any warning-level messages?

Thanks,

Bob

luisphellipe · 06-24-2008

Hi Everybody,

Many SLL connection when is ended in the system log display me the following "notice":

Jun 25 17:56:37 steelhead-remoto sport: 425557 {10.31.10.147:4798 10.1.3.22:443} Dropping connection

Is it normal behavior when the connections is ended??

The strange that the error don't crash the SSL optimization. By the way the optimization is working very well with 87% / 95% of reduction.

I attached the picture with this errors.

Thanks a lot,

Felipe

Message Edited by bgilbert on 01-28-2009 04:02 PM

Steelhead Appliance

Re: Strange Error on SSL Connections "Dropping Connections"

Strange Error on SSL Connections "Dropping Connections"

Strange Error on SSL Connections "Dropping Connections"

Strange Error on SSL Connections "Dropping Connections"