Search code examples
windowsevent-viewerschannel

What are the Schannel TLS fatal alert codes?


Where can I find a definition of the Windows Schannel fatal alerts codes that show up in Event Viewer? For instance:

  • A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
  • A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.

Solution

  • The alert codes are defined at:

    https://learn.microsoft.com/en-us/windows/win32/secauthn/schannel-error-codes-for-tls-and-ssl-alerts

        40 = SSL3_ALERT_HANDSHAKE_FAILURE
        42 = TLS1_ALERT_BAD_CERTIFICATE
        43 = TLS1_ALERT_UNSUPPORTED_CERT
        44 = TLS1_ALERT_CERTIFICATE_REVOKED
        45 = TLS1_ALERT_CERTIFICATE_EXPIRED
        46 = TLS1_ALERT_CERTIFICATE_UNKNOWN
        48 = TLS1_ALERT_UNKNOWN_CA
        70 = TLS1_ALERT_PROTOCOL_VERSION