No "Client Key Exchange" in Client to Server comms

asked Jul 14 '2

I'm working on an issue where a piece of Client software tries to set up a handshake with its Server side. In the correct scenario, there should be 4 lines:

  • TLSv1.2 Client Hello
  • TLSv1.2 Server Hello, Certificate, Server Key Exchange, Server Hello Done
  • TLSv1.2 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message
  • TLSv1.2 Change Cipher Spec, Encrypted Handshake Message

In the faulting scenario, there are only 2 lines followed by an ACK and a FIN, ACK:

  • TLSv1.2 Client Hello
  • TLSv1.2 Server Hello, Certificate, Server Key Exchange, Server Hello Done
  • TCP [ACK]
  • TCP [FIN, ACK]

On the Client side there's an MS Server 2012R2 OS. The odd thing is, some of the same OS machines in the same region work fine.

I would appreciate any clue as to what could be the cause of this.


Comments

Your bullet list doesn't indicate the direction (src, dst) of the messages, but I would guess that it's the client closing the connection because it doesn't like something in the server response.

grahamb ( Jul 14 '2 )

It's a log we created on the server-side of the client-server setup. Any "Client" is the src received by the "Server" dst. Any "Server" is the src sending it to "Client" dst.

I was afraid someone might reply that. I could really use some pointer as to what that "something" in the response could be. Even where to look further would be much appreciated.

RESRobert ( Jul 14 '2 )

If it is the client closing the connection, then client logs, either OS (i.e. event viewer) or application logs might be the place to look.

grahamb ( Jul 14 '2 )
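Added example, not part of the original thread: a small TLS 1.2 record parser that turns each side's bytes into the same message summaries listed in the question and reports whether the client answered the server flight, sent an alert, or simply stopped. The names `parse_flight`, `diagnose`, `hs` and `rec` are hypothetical, the sample records are constructed, and the code assumes the TCP payload is already reassembled per sender and that no handshake message spans two records.

```python
import struct

CONTENT = {20: "Change Cipher Spec", 21: "Alert", 23: "Application Data"}  # RFC 5246
HANDSHAKE = {1: "Client Hello", 2: "Server Hello", 11: "Certificate", 12: "Server Key Exchange",
             14: "Server Hello Done", 16: "Client Key Exchange", 20: "Finished"}

def parse_flight(data):
    """List the TLS messages in one sender's reassembled byte stream."""
    names, off, encrypted = [], 0, False
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack_from("!BHH", data, off)
        body = data[off + 5:off + 5 + length]
        off += 5 + length
        if len(body) < length:
            break  # truncated capture: ignore the partial record
        if ctype != 22:
            names.append(CONTENT.get(ctype, f"Unknown record ({ctype})"))
            encrypted = encrypted or ctype == 20  # ciphertext follows CCS
        elif encrypted:
            names.append("Encrypted Handshake Message")
        else:
            pos = 0  # one record may carry several handshake messages
            while pos + 4 <= len(body):
                hlen = int.from_bytes(body[pos + 1:pos + 4], "big")
                names.append(HANDSHAKE.get(body[pos], f"Unknown ({body[pos]})"))
                pos += 4 + hlen
    return names

def diagnose(flights):
    """flights: (sender, bytes) pairs in capture order; report the stall point."""
    sent = {"client": [], "server": []}
    for sender, data in flights:
        sent[sender] += parse_flight(data)
    if "Client Key Exchange" in sent["client"]:
        return "client answered the server flight"
    if "Server Hello Done" not in sent["server"]:
        return "server flight incomplete"
    if "Alert" in sent["client"]:
        return "client rejected the server flight with an alert"
    return "client stopped after Server Hello Done without an alert"

# Constructed sample records: dummy bodies, only the headers are meaningful.
def hs(htype, body=b""):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body
def rec(ctype, payload):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload
CLIENT_HELLO = rec(22, hs(1, bytes(40)))
SERVER_FLIGHT = rec(22, hs(2, bytes(38)) + hs(11, bytes(90)) + hs(12, bytes(70)) + hs(14))
CLIENT_FINISH = rec(22, hs(16, bytes(33))) + rec(20, b"\x01") + rec(22, bytes(40))
```

A client that tears down the TCP connection without an alert record leaves nothing on the wire to decode, which is why the remaining evidence has to come from the client host.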