Diagnosing Handshake Failures
Working through a handshake failure systematically reveals its cause. Start with basic connectivity tests, then examine the handshake itself:
```bash
# Test basic connectivity
ping example.com
telnet example.com 443

# Detailed handshake analysis
openssl s_client -connect example.com:443 -showcerts

# Capture handshake packets
sudo tcpdump -i any -s 0 -w handshake.pcap 'tcp port 443'
```
OpenSSL provides detailed handshake information, showing certificate chains, protocol negotiations, and error messages. Common handshake errors include "sslv3 alert handshake failure" indicating protocol mismatches, "certificate verify failed" showing trust issues, and "no shared cipher" revealing cipher suite incompatibilities.
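The error strings above can be triaged mechanically. The script below is an added example, not part of the original page: it sorts `openssl s_client` output into the failure classes just described and repeats the handshake once per protocol version. The function names, class labels and sample text are assumptions made for illustration, and `probe` requires network access and an OpenSSL build that accepts `-tls1_2` and `-tls1_3`.

```shell
#!/usr/bin/env bash
# Added example: sort `openssl s_client` output into the failure classes above.

# classify_handshake: read s_client output (stdout and stderr) on stdin and
# print one class label. Fatal errors are tested before the verify result
# because a failed handshake can still be followed by a
# "Verify return code: 0 (ok)" line in the session summary.
classify_handshake() {
    out=$(cat)
    case "$out" in
        *"Connection refused"*|*"connect:errno"*|*"timed out"*)
            echo "tcp-connectivity" ;;   # TLS never started; go back to ping/telnet
        *"no shared cipher"*)
            echo "cipher-mismatch" ;;
        *"alert handshake failure"*|*"alert protocol version"*)
            echo "protocol-mismatch" ;;
        *"certificate verify failed"*|*"Verify return code: "[1-9]*)
            echo "trust-failure" ;;
        *"Verify return code: 0 "*)
            echo "ok" ;;
        *)
            echo "unknown" ;;
    esac
}

# probe HOST [PORT]: run one handshake per protocol version and classify each.
# -servername sends SNI; </dev/null ends the session once the handshake is done.
probe() {
    probe_host=$1
    probe_port=${2:-443}
    for v in tls1_2 tls1_3; do
        result=$(openssl s_client -connect "$probe_host:$probe_port" \
                     -servername "$probe_host" "-$v" </dev/null 2>&1 |
                 classify_handshake)
        printf '%s: %s\n' "$v" "$result"
    done
}

# Constructed sample (not captured from a real server): the handshake is
# aborted, yet the session summary still reports a clean verify result.
SAMPLE='error:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
no peer certificate available
Verify return code: 0 (ok)'

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | classify_handshake
```

Run `probe example.com` against a live host; a class that differs between the two protocol versions points at protocol negotiation rather than certificates or ciphers.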