KB 13: TLS decryption: Handshake fails

Published December 19, 2023Modified on March 28, 2024


This page means that Olfeo SaaS and the machine serving the requested domain were unable to establish a TLS connection before the request was processed. This can happen for a number of reasons, including the configuration of the server or the certificate of the remote site itself.

But why would a workstation not protected by Olfeo SaaS agree to display this page?

The difference between Olfeo SaaS and a "standard" browser lies in a fundamental difference in approach. The aim of a browser is to display as many pages as possible, even if this means making concessions on connection security. The objective of Olfeo SaaS is to provide secure browsing, and therefore necessarily a little stricter.

What to do?

You can contact the site administrator to report a probable configuration problem with the server and/or the TLS certificate associated with the domain.

You can set this domain to exclude decryption. The content of responses will not be analyzed, but your users' requests will be logged.

Find out more about TLS and decryption...

Understanding How HTTPS Works?

The TLS protocol (wikipedia)

ANSSI security recommendations for companies using TLS.