Closed: ronaaron closed 4 years ago
So I compared the outputs from a server which works with one which doesn't (using the same server s/w, and apparently slightly different configs). Both are using 'Let's Encrypt' certificates.
Both sessions proceed identically, until the 'FINISHED' message from the handshake. In that case, the 'good' server gives the APPLICATION DATA message, while the 'bad' server gives another handshake.
After that, we error out with a handshake_failure ALERT message.
I'm guessing we aren't expecting another handshake, and thus fail.
Crap. It turns out the 'bad' server required SNI and I didn't have that enabled...
(reported also via email) The relevant debug dump is