Secure Sockets Layer (SSL): It is an internet security protocol based on encryption. It was developed in the year 1996 by Netscape to ensure privacy, authentication, and data integrity. It is the predecessor to TLS encryption. It provides a secure channel between two devices or machines communicating over the Internet or even an internal network. SSL is also used to secure communication between web browsers and web servers. This can be seen when a site’s address has HTTPS, where the ‘S’ stands for ‘secure’. It is also a transparent protocol and requires little to no interaction from the end user in establishing a secure session. Some examples of services protected by SSL are online payments, webmail servers, and system logins.
Transport Layer Security (TLS): It can be described as a more secure and updated version of SSL. It is a cryptographic protocol that allows end-to-end security of data exchanged between different applications over the Internet. It was specifically based on SSL 3.0 and was developed in the year 1999 by the Internet Engineering Task Force (IETF). As SSL has not been updated since the year 1996, TLS has been considered the industry standard for over 20 years. TLS is implemented on top of TCP to encrypt Application Layer protocols like HTTP, FTP, SMTP, and IMAP. It can also be implemented on UDP, DCCP, and SCTP. The main use of TLS is to encrypt the communication between web applications and servers. For example, web browsers loading a website.
An SSL/ TLS handshake error occurs when the client and server can’t establish communication over the SSL/TLS protocol (usually due to a protocol mismatch).
Some common fixes to the SSL/TLS handshake failed error:
1. Correcting System Time: It is one of the easiest and most obvious fixes. If the system date and time on your device are incorrect, it can cause an SSL/TLS handshake failed error. This error happens because the correct date and time are essential for SSL certificates; as they have finite lifespans and have an expiration date.
2. Using a different Browser: Sometimes, the browser in use can cause the SSL/TLS handshake failure. It may be due to a browser misconfiguration or a browser plugin, which can cause problems in connecting to legitimate websites. As finding out the exact misconfiguration can be time-consuming, you can simply try another browser. If you still face the SSL/TLS handshake failure even after changing the browser, the issue usually lies with the browser plugins. To verify whether this is the case, disable all installed plugins and check again.
3. Add website to allowlist: It may be possible that your firewall is intercepting your request for inspection, causing an SSL/TLS handshake failure. To fix this, add the website to your allowlist. For Google Chrome,
- Open the admin console homepage and go to Devices→Chrome.
- Settings→Users & browsers.
- Leave the top organizational unit selected (which it should be by default). This applies the setting to all users and enrolled browsers.
- Scroll down to URL Blocking and enter the website you want to access, under Blocked URL Exceptions.
- Hit Save.
4. Update browser to the latest SSL protocol: To check if your browser is using the latest SSL protocol:
- Visit SSL Labs.
- Click on Projects.
- Click on SSL Client Test.
- Under Protocol Support, check whether your browser supports the latest version of TLS.
Advantages of SSL/TLS:
- Improved Security.
- Easily deployed.
- Ability to use HTTP/2.
Disadvantages of SSL/TLS:
- Speed degradation.
- Allows insecure encryption.
- Plugin incompatibility.