SSL handshakes fail when a discrepancy occurs between the cipher suites and cipher strengths used by clients and servers. If you enable SSL connections between Access Gateway and the browser or between Access Gateway and the web servers, ensure that both sides are configured to support the same cipher suites and cipher strengths. This is especially important if you enable the options to enforce 128-bit encryption (see Configuring TCP Listen Options for Clients).
Access Gateway Service relies upon Apache to perform the SSL handshake, and Apache does not log the cause of SSL handshake failures, even when the log level is set to debug. To determine whether cipher strengths are the source of your problem, disable the options to enforce 128-bit encryption (see Configuring TCP Listen Options for Clients). If users are then able to authenticate, verify the cipher strengths (configured for the browsers and web servers) are compatible with Access Gateway.