In person, a handshake can be used to greet someone or finalize an agreement with them. The same is true online.

https://blog.hubspot.com/hs-fs/hubfs/ssl-handshake-failed_6.webp?width=1785&height=1200&name=ssl-handshake-failed_6.webp

Team fixing SSL Handshake Failed error on their client device

When devices on a network — say, a browser and a web server — share encryption algorithms, keys, and other details about their connection before finally agreeing to exchange data, it’s called an SSL handshake. During this handshake, the browser and server might ask to see each other’s SSL certificates to verify them.

This handshake is essential for establishing a secure connection before transferring data, so it’s important to understand what an SSL handshake is and what to do if it fails.

SSL Handshake

The SSL handshake is the process in which a client and server establish the encryption algorithms and secret keys they will use to communicate with each other securely, and exchange and validate each other’s digital certificates.

Note: SSL and TLS are both cryptographic protocols that enable clients and servers operating over a network to communicate with each other securely. TLS has replaced SSL, but SSL is still a more commonly used term so we’ll continue to use it in this post.

SSL Handshake Steps

The exact steps in an SSL handshake vary depending on the version of SSL the client and server decide to use, but the general process is outlined below.

  1. The client says hello. This “client hello” message lists cryptographic information, including the SSL version to use to communicate with each other. It also lists which encryption algorithms it supports, which are known as Cipher Suites.
  2. The server responds hello. This “server hello” message contains important information, like which CipherSuite it chose, and its digital certificate. It might also request the client’s certificate.
  3. The client verifies the server’s certificate. It also sends several byte strings, including one for allowing both the client and the server to compute a secret key for encrypting subsequent messages, including the “finished” messages. If the server sends a client certificate request, it will also send a byte string encrypted with its own private key and digital certificate.
  4. The server verifies the client's certificate. This step only takes place if client authentication is required.
  5. The client says “I’m finished.” This “finished” message indicates that the client has completed its part of the handshake.
  6. The server says “I’m finished, too.” This “finished” message indicates that the sever has completed its part of the handshake.

For the remainder of the session, the server and client can now exchange messages that are encrypted with the same secret key, which was shared in step three. This is known as symmetric encryption. You can learn more about symmetric encryption, and how it differs from asymmetric encryption, in this post.

The steps above will occur if the process goes smoothly. But what if it doesn’t? Below we’ll walk through how to resolve an “SSL Handshake Failed” error message.

What is SSL Handshake Failed?

SSL Handshake Failed is an error message that occurs when the client or server wasn’t able to establish a secure connection.