FortiADC logs all the Server Load Balance Virtual Server SSL handshake error/warning messages in the SLB Event logs if the SLB event log category is enabled.

The error logs can contain some generic error messages generated by the OpenSSL library. It may be misleading by the SSL handshake error logs as the message contains an SSLv3 error, which misunderstood that the FortiADC is using the SSL protocol version SSLv3 even though the SSLv3 version is disabled in the SSL profile.

Example of the SSL handshake error on FortiADC v7.6.4.

• SLB Event log shows the error message 'sslv3 alert certificate unknown'.

• SLB Event log shows the error message 'sslv3 alert certificate expired'.

Example of the SSL handshake error on FortiADC v8.0.1.

• The latest OpenSSL library has fixed the generic error log messages, which the FortiADC firmware version of v8.0.1 or later would have the SSL error log messages being fixed.
• SLB Event log shows the error message 'ssl/tls alert certificate unknown'.

Related document: