Score:0

TLS connection failed after server Encrypted Handshake


I am trying to fault find a TLS connection between my solar inverter and the monitoring servers that keeps failing. The solar inverter connects to my wireless AP (Ubiquiti UAP-AC-Lite), which is plugged into an 8-port switch (Ubiquiti US-8-60W), plugged into my router (Ubiquiti Edgerouter Lite). The router connects to the internet through a PPPoE connection to my ISP.

When the Solar Inverter is connected through my network directly it initially was working correctly for about 5 days. Then suddenly it would fail to connect to the monitoring servers. Wireshark capture shows a normal TLS connection, right up until the Server Encrypted handshake. After the Encrypted Handshake, the solar inverter sends an ACK, followed by a RST.

Wireshark bad capture

If I hotspot it to my phone, with mobile data off and connected to wifi, I can successfully connect to the monitoring servers, as shown by the packet capture below.

wireshark good capture

The two streams seem to be identical, so I can't think of any reason why the inverter is sending a RST. And I don't have access to the server packet capture or logs.

Anyone think of why it would drop the connection, or what I can try? I don't understand why it works if it passes through the phone but not directly connected to wifi.

I have also tried turning off the firewall on the router without any effect.

Thanks in advance.

Michael Hampton
Compare carefully all of the details of the line labeled `Change Cipher Spec, Encrypted Handshake Message` in each capture. It appears your client did not like something in that message in one case.
Èl Sea
@MichaelHampton I went through all the headings of both packets and all the TCP seemed identical. The TLS information didn't reveal much; both looked the same, except for the encrypted data itself (I'd be worried if it was the same, really). Is there a way to check the handshake, or another way without access to the logs? If the inverter didn't like the handshake I would have expected an Encrypted Alert, followed by a FIN, but I am a rookie. I did find one connection that failed after the server's encrypted handshake, in which the inverter sent an Encrypted Alert and a FIN.
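
One way to make the record-by-record comparison suggested above concrete, as an added example that is not part of the original thread: take the reassembled server-to-client bytes of each TCP stream and compare the TLS record headers (content type, version, declared length) and whether each record arrived in full. The function names and the sample bytes are constructed for illustration and are not taken from the captures in the question.

```python
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert",
                 22: "Handshake", 23: "ApplicationData"}

def tls_records(stream):
    """Split one direction of a reassembled TCP payload into TLS record summaries."""
    records, off = [], 0
    while off + 5 <= len(stream):
        # Record header: 1-byte content type, 2-byte version, 2-byte length
        ctype, version, length = struct.unpack_from("!BHH", stream, off)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"offset {off}: not a TLS record header")
        present = len(stream) - (off + 5)  # body bytes actually captured
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": f"0x{version:04x}",
            "length": length,
            "complete": present >= length,
        })
        off += 5 + length
    return records

def diff_flights(good, bad):
    """Return (index, field, good_value, bad_value) for every difference."""
    a, b = tls_records(good), tls_records(bad)
    diffs = []
    for i in range(max(len(a), len(b))):
        if i >= len(a) or i >= len(b):  # one side has an extra record
            diffs.append((i, "record",
                          a[i]["type"] if i < len(a) else None,
                          b[i]["type"] if i < len(b) else None))
            continue
        for field in ("type", "version", "length", "complete"):
            if a[i][field] != b[i][field]:
                diffs.append((i, field, a[i][field], b[i][field]))
    return diffs

def _rec(ctype, body, declared=None):
    # Constructed sample record; `declared` lets the header claim more bytes than arrived
    n = len(body) if declared is None else declared
    return struct.pack("!BHH", ctype, 0x0303, n) + body

# Constructed server-to-client bytes: the "bad" encrypted handshake record is cut short
GOOD = _rec(20, b"\x01") + _rec(22, bytes(40))
BAD = _rec(20, b"\x01") + _rec(22, bytes(24), declared=40)

if __name__ == "__main__":
    for d in diff_flights(GOOD, BAD):
        print(d)
```

Identical record headers on both paths, as reported in the thread, would move the comparison down to the TCP and IP layers of the same packets.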