How can I tell if an SSL Alert of 21 is a real decode failure?

Document ID : KB000031712
Last Modified Date : 14/02/2018
Show Technical Document Details


Looking in a PCAP file, I see an SSL Alert of 21. How can I tell if this is a real decode failure?

SSL Alert KB.jpg



There are several reasons to have an SSL Alert 21 (Decode Failure). These include the following:


1.  It may be the normal termination of either side of the SSL Conversation. If this is the case, you will see FIN packets after the alert.


     This is the most typical cause and is not a real decode failure.


2.  Issues reading a private key in a certificate chain. Re-adding the private key as not a part of the certificate chain may resolve this.


3. Other factors



Additional Information:   -- More on SSL Shutdown  -- List of SSL Alerts  -- Reference on SSL Debugging  -- TIM and SSL Certificate chains.