
TLS 1.2 connection problems

I am trying to establish a TLS 1.2 connection via a machine certificate. This works fine on one machine:

3.590109    ClientIp    ServerIp    TLSv1.2 221 Client Hello
3.617942    ServerIp    ClientIp    TLSv1.2 1514    Server Hello
3.618151    ServerIp    ClientIp    TLSv1.2 1143    Certificate, Server Key Exchange, Certificate Request, Server Hello Done
3.627569    ClientIp    ServerIp    TLSv1.2 3593    Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
3.660094    ServerIp    ClientIp    TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message

Connection established, data flowing. This machine does not use a proxy. The exact same client (a .NET program) on a different machine is not so lucky. I can see in Wireshark that the client just does not seem to answer the server's certificate request:

10.792079   ClientIp    ProxyIp TLSv1.2 221 Client Hello
10.827628   ServerIp    ClientIp    TLSv1.2 1374    Server Hello
10.827753   ServerIp    ClientIp    TLSv1.2 1374    Certificate [TCP segment of a reassembled PDU]
10.827840   ServerIp    ClientIp    TLSv1.2 103 Server Key Exchange, Certificate Request, Server Hello Done

Then the client reports "The request was aborted: Could not create SSL/TLS secure channel".

The only hint I am seeing is the [TCP segment of a reassembled PDU] message, which I am only (and always) seeing on the machine where the client is not connecting. I read that this just means that Wireshark reassembled packets and that it may not point to any protocol errors. However, maybe it means something, since it never appears with the client that can connect?
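
Added example, not part of the original post: a small Python script that uses the working capture as a baseline and reports the first handshake message missing from the failing one, ignoring Wireshark's bracketed reassembly annotation. The function names `observed` and `first_missing` are hypothetical; the packet-list rows are copied from the post.

```python
import re

# Packet-list rows copied from the post: time, source, destination, protocol, length, info.
WORKING = """\
3.590109    ClientIp    ServerIp    TLSv1.2 221 Client Hello
3.617942    ServerIp    ClientIp    TLSv1.2 1514    Server Hello
3.618151    ServerIp    ClientIp    TLSv1.2 1143    Certificate, Server Key Exchange, Certificate Request, Server Hello Done
3.627569    ClientIp    ServerIp    TLSv1.2 3593    Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message
3.660094    ServerIp    ClientIp    TLSv1.2 105 Change Cipher Spec, Encrypted Handshake Message
"""
FAILING = """\
10.792079   ClientIp    ProxyIp TLSv1.2 221 Client Hello
10.827628   ServerIp    ClientIp    TLSv1.2 1374    Server Hello
10.827753   ServerIp    ClientIp    TLSv1.2 1374    Certificate [TCP segment of a reassembled PDU]
10.827840   ServerIp    ClientIp    TLSv1.2 103 Server Key Exchange, Certificate Request, Server Hello Done
"""


def observed(trace, client="ClientIp"):
    """Return the ordered (sender, message) pairs found in a packet-list export."""
    steps = []
    for line in trace.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[3].startswith("TLS"):
            continue  # blank or non-TLS row
        sender = "client" if fields[1] == client else "server"
        # Drop Wireshark annotations such as "[TCP segment of a reassembled PDU]".
        info = re.sub(r"\s*\[[^\]]*\]", "", fields[5])
        steps += [(sender, msg.strip()) for msg in info.split(",") if msg.strip()]
    return steps


def first_missing(reference, trace):
    """Return the first step of the reference handshake absent from trace, or None."""
    seen = iter(observed(trace))
    for step in observed(reference):
        if step not in seen:  # 'in' advances the iterator, so order is enforced
            return step
    return None


if __name__ == "__main__":
    print("first missing step:", first_missing(WORKING, FAILING))
```

With the annotation stripped, the server's flight in both captures carries the same messages, and the first step the failing capture lacks is the client's Certificate message.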