Error message: "An SSL error has occurred and a secure connection to the server cannot be made"

Created On 09/19/23 20:46 PM - Last Modified 05/09/25 19:31 PM


Symptom


  • An iOS user tries to connect to a GlobalProtect portal or gateway.
  • Error message "An SSL error has occurred and a secure connection to the server cannot be made" is displayed.

Error message 

  • Agent.log in the iOS GP logs displays the same error message as well.
GlobalProtect[25389:9042777] Error: (GPSAMLViewController.mm:265) WebView provisional navigation error <WKNavigation: 0x10707bc00>
Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made."


Environment


  • GlobalProtect App
  • iOS mobile phones 


Cause


  • Some of the needed ciphers were disabled on the SSL profile of the firewall.
  • Based on Apple documentation, iOS requires cipher suites that support PFS key exchanges, specifically ECDHE.
  • Disabling the needed ciphers therefore causes the connection to always fail.
  • Other operating systems have less strict requirements, so they allow RSA or DHE key exchanges.


Resolution


  1. Make sure the latest GP iOS version is installed.
  2. Enable the ECDHE cipher on the firewall to fix the issue.
  3. Refer to the CLI commands below:
>set shared ssl-tls-service-profile gp-ssl-tls protocol-settings keyxchg-algo-ecdhe yes
>commit
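
To confirm the cause before the change and verify the fix after the commit, the portal or gateway can be probed from any workstation for the key-exchange families it accepts. The script below is an added example, not part of the original article or of Palo Alto Networks tooling; it assumes a TLS 1.2 handshake, and vpn.example.com is a placeholder hostname.

```python
import socket
import ssl

# Key-exchange families named in the article -> OpenSSL cipher strings.
KX_FAMILIES = {"ECDHE": "kECDHE", "DHE": "kDHE", "RSA": "kRSA"}


def probe(host, port=443, timeout=5.0):
    """Attempt one TLS 1.2 handshake per family; map family -> suite or None."""
    results = {}
    for family, cipher_string in KX_FAMILIES.items():
        ctx = ssl.create_default_context()  # certificate checks stay enabled
        # Assumption: cap at TLS 1.2 so the negotiated suite name shows
        # which key exchange the server agreed to.
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
        try:
            ctx.set_ciphers(cipher_string)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[family] = tls.cipher()[0]
        except OSError:
            # Covers ssl.SSLError (handshake or certificate failure),
            # connection refused, DNS failure and timeouts.
            results[family] = None
    return results


def diagnose(results):
    """Explain a probe result in the article's terms."""
    if results.get("ECDHE"):
        return "ECDHE accepted: the iOS client requirement is met"
    if results.get("DHE") or results.get("RSA"):
        return "only DHE/RSA accepted: iOS fails with -1200, other OSes connect"
    return "no handshake completed: check reachability and certificate first"


if __name__ == "__main__":
    # Constructed sample: what a profile with ECDHE disabled would return.
    sample = {"ECDHE": None,
              "DHE": "DHE-RSA-AES256-GCM-SHA384",
              "RSA": "AES256-GCM-SHA384"}
    print(diagnose(sample))
    # Live check (placeholder hostname):
    # print(diagnose(probe("vpn.example.com")))
```

A result of `None` for ECDHE alongside a suite name for DHE or RSA matches the cause described above; after the commit, the ECDHE entry should show a negotiated suite.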

