Failed to read beginning of SSL/TLS record – can be caused by External Firewall
If the problem is with Office365, such as with SendEmail to smtp.office365.com, port 587, then updating to Chilkat v9.5.0.93 or later will solve the problem.
For example, if you see the following, then update to v9.5.0.93 or later.
...
ensureSmtpSession:
ensureSmtpConnection:
smtpParams:
SmtpHost: smtp.office365.com
SmtpPort: 587
SmtpUsername: ...
SmtpSsl: 0
StartTLS: 1
--smtpParams
smtpConnect:
smtpHostname: smtp.office365.com
smtpPort: 587
connectionIsReady:
SMTP host changed.
SMTP port changed.
Need new SMTP connection, something changed!
--connectionIsReady
smtpSocketConnect:
socketOptions:
SO_SNDBUF: 262144
SO_RCVBUF: 4194304
TCP_NODELAY: 1
SO_KEEPALIVE: 1
--socketOptions
--smtpSocketConnect
smtpGreeting:
readSmtpResponse:
SmtpCmdResp: 220 xxx.outlook.office365.com Microsoft ESMTP MAIL Service ready at Sun, 27 Nov 2022 22:24:53 +0000
--readSmtpResponse
--smtpGreeting
startTLS:
sendCmdToSmtp:
SmtpCmdSent: EHLO xxx
--sendCmdToSmtp
readSmtpResponse:
SmtpCmdResp: 250-xxx.outlook.office365.com Hello [111.39.33.222]
SmtpCmdResp: 250-SIZE 157286400
SmtpCmdResp: 250-PIPELINING
SmtpCmdResp: 250-DSN
SmtpCmdResp: 250-ENHANCEDSTATUSCODES
SmtpCmdResp: 250-STARTTLS
SmtpCmdResp: 250-8BITMIME
SmtpCmdResp: 250-BINARYMIME
SmtpCmdResp: 250-CHUNKING
SmtpCmdResp: 250 SMTPUTF8
--readSmtpResponse
sendCmdToSmtp:
SmtpCmdSent: STARTTLS
--sendCmdToSmtp
readSmtpResponse:
SmtpCmdResp: 220 2.0.0 SMTP server ready
--readSmtpResponse
clientHandshake:
clientHandshake2:
ProcessHelloRetryRequest:
readHandshakeMessages:
Failed to read beginning of SSL/TLS record.
b: 0
dbSize: 0
nReadNBytes: 0
idleTimeoutMs: 30000
readTlsRecord: Socket connection closed.
See https://cknotes.com/failed-to-read-beginning-of-ssl-tls-record-can-be-caused-by-external-firewall/
--readHandshakeMessages
--ProcessHelloRetryRequest
--clientHandshake2
--clientHandshake
Client handshake failed. (1)
connectionClosed: 1
Failed to establish TLS connection.
--startTLS
--smtpConnect
--ensureSmtpConnection
If not Office365 …
The following error was recently reported:
...
Connecting to POP3 server
hostname: pop.somemailserver.com
port: 995
tls: True
connectTimeoutMs: 30000
isInSshTunnel: 0
socket2Connect:
connect2:
connectImplicitSsl:
clientHandshake:
clientHandshake2:
readHandshakeMessages:
WindowsError: An existing connection was forcibly closed by the remote host.
WindowsErrorCode: 0x2746
maxToReceive: 5
Failed to receive data on the TCP socket
Failed to read beginning of SSL/TLS record.
b: 0
dbSize: 0
nReadNBytes: 0
idleTimeoutMs: 30000
--readHandshakeMessages
--clientHandshake2
--clientHandshake
Client handshake failed. (3)
...
The initial TCP connection to the host:port succeeds, but then the first read of the TLS handshake, which follows the ClientHello (the 1st message sent in the SSL/TLS handshake), fails with the above error.
There may be other causes, but in this case the issue was caused by an external firewall. Perhaps a firewall with stateful packet inspection. The user made adjustments to the firewall (and I don’t know the details), and connections seem to be working reliably again.
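To confirm that the failure lies in the network path rather than in the application, the TCP connect and the TLS handshake can be checked as separate stages from the affected machine. The probe below is an added example, not Chilkat code: the function names and the local listener that resets the connection are constructed for illustration, and it covers only implicit TLS as in the POP3 log (port 995).

```python
import socket
import ssl
import struct
import threading

def probe_implicit_tls(host, port, timeout=5.0):
    """Return (stage, detail): how far an implicit-TLS connection got."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_connect_failed", repr(exc))
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("tls_ok", tls.version())
    except (ConnectionError, ssl.SSLEOFError) as exc:
        # TCP was up, but the connection was reset or closed before a TLS
        # record came back: the symptom in the logs above.
        return ("closed_during_handshake", repr(exc))
    except socket.timeout as exc:
        return ("handshake_timeout", repr(exc))
    except ssl.SSLError as exc:
        # An alert or certificate failure means a TLS peer did answer.
        return ("tls_error", repr(exc))
    finally:
        sock.close()

def start_resetting_listener():
    """Constructed stand-in for an interfering device: accept the TCP
    connection, read the ClientHello, then abort with a TCP RST."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        # SO_LINGER on with a zero timeout makes close() send RST, not FIN.
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_implicit_tls("127.0.0.1", start_resetting_listener()))
```

A `closed_during_handshake` result from the affected network, together with `tls_ok` for the same host and port from a different network, points at a device in the path rather than at the mail server or the client library.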