By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

AWS Route53 SSL communication failure: Received fatal alert

0

I have one site deployed on AWS Rosa. This site is secured with https protocol. I am trying to create Route53 healthcheck for that site. The Route53 healthcheck fails stating reason -

Failure: Resolved IP: x.x.x.x. SSL communication failure: Received fatal alert: protocol_version

However I am able to access the site on browser. As mentioned at- https://aws.amazon.com/premiumsupport/knowledge-center/route-53-fix-unhealthy-health-checks/

following curl command returns me httpcode 200 and response time less than 1 second

curl -Ik -w "HTTPCode=%{http_code} TotalTime=%{time_total}\n" <http/https>://<domain-name/ip address>:<port>/<path> -so /dev/null

Also when I was trying to run same command with old curl version, I was getting error - routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

The error from Route53 also shows protocol version. Not sure if these 2 are related.

If site URL is accessible over browser, then Route53 health check should return healthy state

Topics
ComputeNetworking & Content Delivery
Tags
Website ProvisioningAmazon Route 53
Language
English
rePost-User-9088993
asked a year ago410 views
1 Answer
0

Hello,

Generally speaking, this error - Received fatal alert: protocol_version is usually raised when there is a mismatch found in the SSL protocol version.

To troubleshoot the TLS version we will need to investigate verbose details on the domain/endpoint -

$ curl -v [domain]

And as you may know curl has an option - tls-max [1] to control the TLS version used, which can be used to then compare what minimum version is the website accepting to confirm if there's a mismatch between the protocol being used and what is being accepted by the website -

$ curl -v [domain] --tls-max 1.2

Important Note - Please do not post any sensitive information about your domain/endpoint, your cURL logs or your AWS resources over re:Post since this is a public platform.

If the suggestions above do not help resolve the issue, we would have to troubleshoot based on your configurations. Could you please create a support case with our premium support team instead so we may discuss details on your resource configurations?

References:

[1] https://curl.se/docs/manpage.html#:~:text=remote%2Dtime.-,%2D%2Dtls%2Dmax%20%3CVERSION%3E,-(SSL)%20VERSION%20defines

profile pictureAWS
SUPPORT ENGINEER
Yash_C
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content