Hi,
After encountering this situation, I tried to remove the Proxy so I could download the document file (*.xlsx). But the problem I encounter is that there are files that can be downloaded and files that cannot be downloaded when installing a proxy on the computer.
Thanks!
Original Message:
Sent: Feb 27, 2024 12:53 AM
From: Klaus Klinge
Subject: How to fix "SSL client handshake completion failure with Zalo"
Hi,
did you check https://fg43.dlfl.me with a normal Browser - is the Webserver delivering a valid SSL-Certificate? Or is it expired? You allow selfsign, but not expired SSL-Certs: "server.certificate.validate.ignore(expiration)". But for me, it looks like that there is no SSL-Cert coming from the Webserver.
I would do a Packet-Capture and would take a look on the SSL-Connection, maybe a Cipher mismatch, or something.
Original Message:
Sent: Feb 26, 2024 04:21 AM
From: Minhpt Eptc Minhpt Eptc
Subject: How to fix "SSL client handshake completion failure with Zalo"
Hi!
I received the message "Error unable to download file" on the Zalo application.
Then I checked the Logs on ProxySG (SGOS 7.3.14.2 SWG Edition) and received the message
"10.X.X.X:50141 fg43.dlfl.me:443 - - - REQMOD: inactive RESPMOD: inactive 30 sec 255 0 100% - - OC (D) P BM (D) Explicit HTTP SSL HTTP : "" SSL(error) : "SSL client handshake completion failure" Active"
I followed the instructions at the link: https://knowledge.broadcom.com/external/article/166940/ssl-client-handshake-completion-failure.html
To disable server certificate validation for Zalo application.
Show CPL
;; Tab: [SSL_Access]
<SSL>
condition=WebApplicationZalo server.certificate.validate(yes) server.certificate.validate.ignore(untrusted_issuer) server.certificate.validate.check_revocation(auto) ; Rule 3
Show Plolicy
Show Action Policy "EPTC_SSL_Access"
\
I still encounter the "Error unable to download file" situation on the Zalo application.