Installing a Secure Sockets Layer (SSL) certificate on your WordPress site enables information technology to apply HTTPS to ensure secure connections. Unfortunately, there are a variety of things that can get wrong in the process of confirming a valid SSL certificate and making a connexion between your site's server and a company'south browser.

If you've encountered an "SSL Handshake Failed" error message and are confused as to what it means, you're not alone. It'southward a common error that doesn't tell you much on its ain. While this tin can exist a frustrating feel, the proficient news is that there are simple steps yous tin can take to resolve the consequence.

In this post, we'll explain what the SSL Handshake Failed error is and what causes it. Then nosotros'll provide you with several methods you can apply to fix it.

Let's become started!

An Introduction to the SSL Handshake

Before we dig deeper into what causes a TLS or SSL handshake failure, it's helpful to sympathise what the TLS/SSL handshake is. Secure Sockets Layer (SSL) and Send Layer Security (TLS) are protocols used to authenticate information transfers between servers and external systems such every bit browsers.

SSL certificates are needed in order to secure your website using HTTPS. Nosotros won't get too in-depth almost the difference between TLS vs SSL since information technology's a minor one. The terms are ofttimes used interchangeably, so for simplicity's sake, we'll use "SSL" to refer to both.

With that out of the way, an SSL handshake is the commencement step in the procedure of establishing an HTTPS connection. To cosign and establish the connexion, the user's browser and the website'southward server must go through a series of checks (the handshake), which institute the HTTPS connection parameters.

Let u.s.a. explicate: the client (typically the browser) sends a asking for a secure connection to the server. Subsequently the asking is sent, the server sends a public key to your computer and checks that key against a listing of certificates. The calculator then generates a key and encrypts information technology, using the public key sent from the server.

To brand a long story short, without the SSL handshake, a secure connection won't exist fabricated. This can pose a significant security risk. Plus, in that location are a lot of moving parts involved in the process.

That means at that place are many different opportunities for something to go wrong and cause a handshake failure, or even lead to the "your connection is not private" fault, causing visitors to leave.

Confronted with the 'SSL Handshake Failed' error? 🤝 Get a grip on how to solve it with these 5 methods ⤵️ Click to Tweet

Understanding What Causes SSL Handshake Failures

An SSL Handshake Failure or Error 525 means that the server and browser were unable to constitute a secure connectedness. This can happen for a diversity of reasons.

Mostly, an Error 525 means that the SSL handshake between a domain using Cloudflare and the origin web server failed:

ssl handshake failed error

However, it'southward as well important to understand that SSL errors tin can happen on the client-side or the server-side. Common causes of SSL errors on the client-side include:

  • The incorrect date or time on the client device.
  • An error with the browser configuration.
  • A connection that is being intercepted by a third party.

Some server-side causes include:

  • A cipher suite mismatch.
  • A protocol used by the customer that isn't supported by the server.
  • A document that is incomplete, invalid, or expired.

Typically, if the SSL handshake fails, the issue tin be attributed to something wrong with the website or server and their SSL configurations.

How to Fix the SSL Handshake Failed Mistake (5 Methods)

There are several potential causes behind the "SSL Handshake Failed" fault. And then there'south no unproblematic answer when it comes to how you lot should fix it.

Fortunately, at that place are a scattering of methods you can apply to begin exploring potential issues and resolving them one past one. Permit'southward take a look at v strategies you tin can utilize to try and prepare the SSL Handshake Failed mistake.

1. Update Your Organisation Date and Time

Let's start with one of the more than unlikely causes, but one that is incredibly easy to correct if it is the problem: your computer's clock.

If your organization is using the incorrect date and fourth dimension, that may interrupt the SSL handshake. When the organization clock is different than the actual time, for instance, if it's set too far into the hereafter, it tin interfere with the SSL certificate verification.

Your computer'southward clock might have been fix incorrectly due to human mistake or merely due to a glitch in your settings. Any the reason, it's a expert thought to cheque and make sure your organisation time is correct, and update information technology if it's not.

Of course, if your clock is showing the correct data, information technology'due south prophylactic to assume that this isn't the source of the "SSL Handshake Failed" issue.

2. Check to See If Your SSL Certificate Is Valid

Expiration dates are placed on SSL certificates, to help make certain their validation information remains accurate. Generally, the validity of these certificates lasts for anywhere between six months and two years.

If an SSL certificate is revoked or expired, the browser will find this and be unable to complete the SSL handshake. If it's been more than a year or and then since you lot installed an SSL certificate on your website, it might exist fourth dimension to reissue it.

To view the status of your SSL certificate, yous tin use an SSL document checker tool such as the one offered by Qualys:

qualys labs
The SSL Server Test tool on the Qualys website

This tool is both reliable and free to utilise. All you need to do is input your domain name into the Hostname field, and then click on Submit. Once the checker is washed analyzing your site'due south SSL configuration, it will present you with some results:

Subscribe Now

ssl certificate status
The results page of the Qualys SSL checker tool

On this page, you can discover out if your certificate is nevertheless valid and see if it has been revoked for whatever reason.

In either case, updating your SSL document should resolve the handshake error (and is vital for keeping your site and your WooCommerce store secure).

3. Configure Your Browser for the Latest SSL/TLS Protocol Support

Sometimes the best way to determine the root crusade of an upshot is by procedure of elimination. As we mentioned earlier, the SSL handshake failure can often occur due to a browser misconfiguration.

The quickest way to determine whether a particular browser is the problem is to attempt switching to a different one. This tin at least help narrow downwardly the problem. You may also effort disabling any plugins and resetting your browser back to its default settings.

Another potential browser-related issue is a protocol mismatch. For instance, if the server merely supports TLS 1.2, but the browser is just configured for TLS 1.0 or TLS 1.1, there's no mutually-supported protocol bachelor. This will inevitably lead to an SSL handshake failure.

How you tin cheque to come across if this problem is occurring varies based on the browser yous're using. As an example, we'll await at how the procedure works in Chrome. First, open your browser and get to Settings >Avant-garde. This volition aggrandize a number of carte du jour options.

Under the System section, click on Open your calculator's proxy settings:

proxy settings
The system settings page in Google Chrome

This will open up up a new window. Next, select the Avant-garde tab. Nether the Security section, check to see if the box next to Utilize TLS 1.ii is selected. If not, check that pick:

Fix "ssl handshake failed" error: ssl tls settings
The Internet Properties advanced settings in Windows

Information technology's also recommended that you uncheck the boxes for SSL 2.0 and SSL 3.0.

The same applies to TLS 1.0 and TLS 1.1 since they are beingness phased out. When you're done, click on the OK push button, and cheque to run into if the handshake error has been resolved.

Notation that if you're using Apple tree Safari or Mac OS at that place isn't an option to enable or disable SSL protocols. TLS ane.ii is automatically enabled past default. If you're using Linux, you tin can refer to the Red Hat guide on TLS hardening.

4. Verify That Your Server Is Properly Configured to Support SNI

It's also possible that the SSL handshake failure is being caused by improper Server Proper name Indication (SNI) configuration. The SNI is what enables a web server to securely host several TLS certificates for one IP address.

Each website on a server has its own certificate. All the same, if the server isn't SNI-enabled, that can result in an SSL handshake failure, because the server may non know which certificate to present.

There are a few ways to check and come across whether a site requires SNI. One option is to use Qualys' SSL Server Test, which nosotros discussed in the previous section. Input your site's domain proper name, and so click on the Submit button.

On the results folio, look for a message that reads "This site works but in browsers with SNI support":

browser sni support
The summary results page of the Qualys SSL checker tool

Another approach for detecting if a server is using SNI is to browse the server names in the 'ClientHello' message. This is a more technical process, but it tin can offer a lot of information.

Information technology involves checking the extended hello header for a 'server_name' field, to see if the right certifications are presented.

If you're familiar with using tools such as the OpenSSL toolkit and Wireshark, yous might detect this method preferable. Y'all tin can apply openssl s_client with and without the -servername option:

          # without SNI  $ openssl s_client -connect host:port    # use SNI  $ openssl s_client -connect host:port -servername host

If yous get two different certificates with the same name, it ways that the SNI is supported and properly configured.

However, if the output in the returned certificates is unlike, or the call without SNI cannot establish an SSL connection, information technology indicates that SNI is required merely not correctly configured. Resolving this upshot may require switching to a dedicated IP address.

5. Make Sure the Cipher Suites Match

If you even so haven't been able to identify the cause of the SSL handshake failure, it might be due to a cipher suite mismatch. In instance yous're unfamiliar with the term, 'cipher suites' refer to a set up of algorithms, including ones for key exchange, bulk encryption, and message authentication code, that can exist used for securing SSL and TLS network connections.

If the cipher suites that a server uses don't support or match what's used by Cloudflare, that can result in an "SSL Handshake Failed" error.

When it comes to figuring out whether at that place is a aught suite mismatch, Qualys' SSL Server Test proves yet again to be a useful tool.

When y'all input your domain and click on Submit, you'll meet a summary assay page. You can find the nothing data under the Cipher Suites department:

qualys cipher suites
The Zilch Suites section in a Qualys SSL written report

You can apply this page to observe which ciphers and protocols the server supports. You'll desire to look out for any that brandish the 'weak' condition. In add-on, this section also details the specific algorithms for the cypher suites.

To correct this issue, yous can compare the results confronting what your browser supports past using the Qualys SSL/TLS Capabilities of Your Browser tool. For more extensive data and guidance about cipher suites, we too recommend checking out the ComodoSSLStore guide.

Dislocated past the 'SSL Handshake Failed' error message? This guide explains what information technology is and, most importantly, 5 ways to set up it 🙌 Click to Tweet

Summary

One of the well-nigh perplexing nonetheless common types of SSL-related problems is the "SSL Handshake Failed" fault. Dealing with this error tin can be stressful since it has many potential causes, including both client- and server-side issues.

However, there are some reliable solutions y'all can use to identify the problem and resolve it. Hither are five ways y'all can use to gear up the SSL Handshake Failed fault:

  1. Update your organisation engagement and time.
  2. Bank check to see if your SSL document is valid (and reissue it if necessary).
  3. Configure your browser to support the latest TLS/SSL versions.
  4. Verify that your server is properly configured to support SNI.
  5. Make sure the cipher suites match.

Save time, costs and maximize site performance with:

  • Instant help from WordPress hosting experts, 24/7.
  • Cloudflare Enterprise integration.
  • Global audience achieve with 32 data centers worldwide.
  • Optimization with our congenital-in Application Performance Monitoring.

All of that and much more than, in one plan with no long-term contracts, assisted migrations, and a 30-day-money-back-guarantee. Check out our plans or talk to sales to observe the program that's right for you.