TLS Handshake error on sending even though partner can send with no problem in AS2

0

After setting up an AS2 partner/connector/agreement, we tried sending a test document to the partner. However, even though the partner was able to successfully send to us, we were not able to send to them. The failure code received was: TLS_HANDSHAKE_FAILED.

Here's what we tried so far:

  • Certificate expiration: Checked on both sides. Both certificates are still valid
  • Certificate chain: Confirmed the certificates are correct
  • Protocol mismatch: Given that sending on one side works and we're only using one certificate for both encryption and signing, this also isn't an issue
  • TLS version: They're using TLS 1.2 so that's also fine
  • Network issues: Confirmed that there are no firewall issues on either side
  • Base64 endpoints: Had them disable it as a test but the same issue still occurs

Is there anything else that needs to be looked into or fixed?

asked a year ago, 368 views
1 Answer
0

Hi,

Greetings for the day!

Please note that the TLS_HANDSHAKE_FAILED error means the TLS handshake failure is due to certificate issues. You would need to update their server to provide both the intermediate and the server certificates for the connector to be able to successfully connect.

Please check the documentation below and validate that the configuration satisfies the AS2 supported configurations:

[+] https://docs.aws.amazon.com/transfer/latest/userguide/infrastructure-security.html
[+] https://docs.aws.amazon.com/transfer/latest/userguide/as2-config-etc.html#as2-supported-configurations

If you have any further queries, please feel free to reach out to AWS Support along with your specific error and details, and we would be happy to assist you further.

[+] Creating support cases and case management - https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

AWS
SUPPORT ENGINEER
answered a year ago
  • Hi! I checked again and I had uploaded the certificates as normal encryption/signing certs rather than the TLS option (which I'm assuming should've been selected instead, given the error). However, it looks like TLS is only available for self-signed certificates and the certificate I was provided isn't self-signed. In this case, is my only option to ask the partner for a self-signed certificate or is there a way to upload the server and intermediate certificates separately?
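The answer's point is that the partner's HTTPS endpoint must present the intermediate certificate along with the server certificate, which is something you can verify from your side with `openssl s_client -connect host:port -showcerts`. The script below is an added example, not AWS or the poster's code: it parses the "Certificate chain" section of that output and reports where the presented chain stops short of a trusted root. The two chain samples and the trust-store root subject are constructed for the example.

```python
import re
from typing import List, Set, Tuple

# Constructed sample of the "Certificate chain" section that
# `openssl s_client -showcerts` prints (PEM blocks omitted) for a server
# that presents only its leaf certificate, the situation the answer describes.
LEAF_ONLY = """\
Certificate chain
 0 s:CN = as2.partner.example
   i:C = US, O = Example CA, CN = Example Intermediate CA
---
"""

# Constructed sample of the same server after the intermediate is added.
LEAF_AND_INTERMEDIATE = """\
Certificate chain
 0 s:CN = as2.partner.example
   i:C = US, O = Example CA, CN = Example Intermediate CA
 1 s:C = US, O = Example CA, CN = Example Intermediate CA
   i:C = US, O = Example CA, CN = Example Root CA
---
"""

# Assumed root subjects in the connecting side's trust store (constructed).
TRUSTED_ROOTS: Set[str] = {"C = US, O = Example CA, CN = Example Root CA"}

# One " N s:<subject>" line followed by an "i:<issuer>" line per presented cert.
ENTRY = re.compile(r"^\s*\d+ s:(.*)\n\s*i:(.*)$", re.MULTILINE)

def parse_chain(showcerts: str) -> List[Tuple[str, str]]:
    """Return (subject, issuer) pairs in the order the server presented them."""
    return [(m.group(1).strip(), m.group(2).strip()) for m in ENTRY.finditer(showcerts)]

def check_chain(showcerts: str, trusted_roots: Set[str]) -> List[str]:
    """Each issuer must be the next presented subject, and the last issuer must be
    a root the client already trusts; anything else is a gap the server must fill."""
    chain = parse_chain(showcerts)
    if not chain:
        return ["no certificates found in s_client output"]
    problems: List[str] = []
    for idx, (subject, issuer) in enumerate(chain):
        if issuer in trusted_roots:
            break  # reached a trusted anchor: the presented chain is complete
        if subject == issuer:
            problems.append(f"self-signed '{subject}' is not in the trust store")
            break
        if idx + 1 == len(chain):
            problems.append(f"chain ends at '{subject}'; issuer '{issuer}' was not "
                            "presented and is not a trusted root (missing intermediate)")
        elif chain[idx + 1][0] != issuer:
            problems.append(f"cert {idx} issuer '{issuer}' != next subject '{chain[idx + 1][0]}'")
    return problems
```

Run the real `openssl s_client` output through `check_chain` with the roots your connector trusts; an empty result means the partner is sending a complete chain, and a "missing intermediate" result is the fix the answer asks the partner to make.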
