Failed to read beginning of SSL/TLS record – can be caused by External Firewall
The following error was recently reported:
... Connecting to POP3 server hostname: outlook.office365.com port: 995 tls: True connectTimeoutMs: 30000 isInSshTunnel: 0 socket2Connect: connect2: connectImplicitSsl: clientHandshake: clientHandshake2: readHandshakeMessages: WindowsError: An existing connection was forcibly closed by the remote host. WindowsErrorCode: 0x2746 maxToReceive: 5 Failed to receive data on the TCP socket Failed to read beginning of SSL/TLS record. b: 0 dbSize: 0 nReadNBytes: 0 idleTimeoutMs: 30000 --readHandshakeMessages --clientHandshake2 --clientHandshake Client handshake failed. (3) ...
The initial TCP connection to the host:port succeeds, but then the initial read of the TLS ClientHello (the 1st message sent in the SSL/TLS handshake) fails with the above error.
There may be other causes, but in this case the issue was caused by an external firewall. Perhaps a firewall with stateful packet inspection. The user made adjustments to the firewall (and I don’t know the details), and connections seem to working reliably again.