What are SSL/TLS handshake failures?

SSL/TLS handshake failures prevent secure connections:

What the handshake does:

- Establishes an encrypted connection.
- Verifies server identity via certificate.
- Negotiates encryption parameters.
- Enables the STARTTLS upgrade.

Failure causes:

- Certificate expired: the server certificate is past its validity date.
- Certificate mismatch: the certificate does not match the hostname.
- Protocol incompatibility: the TLS version is not supported.
- Cipher suite mismatch: no common encryption algorithms.

Email impact:

- The connection may fall back to unencrypted (if allowed).
- Strict TLS policies cause delivery failure.
- The server returns 454 or a similar code.

Resolution:

- Check certificate validity and hostname.
- Verify the TLS configuration.
- The problem may be on the receiving server's side.
- You may need to allow fallback for specific domains.
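
The check described under Resolution, as an added example (not from the original page): a Python probe that attempts a verified STARTTLS upgrade and maps any failure to the causes listed above. The function names and category strings are assumptions made for this illustration.

```python
import smtplib
import ssl

# OpenSSL X.509 verify codes exposed on ssl.SSLCertVerificationError.verify_code
X509_CERT_HAS_EXPIRED = 10
X509_HOSTNAME_MISMATCH = 62
# OpenSSL reason strings exposed on ssl.SSLError.reason
PROTOCOL_REASONS = {"UNSUPPORTED_PROTOCOL", "TLSV1_ALERT_PROTOCOL_VERSION",
                    "NO_PROTOCOLS_AVAILABLE"}
# A handshake_failure alert usually, though not always, means no shared cipher.
CIPHER_REASONS = {"NO_SHARED_CIPHER", "SSLV3_ALERT_HANDSHAKE_FAILURE"}


def classify_handshake_error(exc):
    """Map an exception from a STARTTLS attempt to one of the failure causes."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        if code == X509_CERT_HAS_EXPIRED:
            return "certificate expired"
        if code == X509_HOSTNAME_MISMATCH:
            return "certificate mismatch"
        return "other certificate failure"
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None)
        if reason in PROTOCOL_REASONS:
            return "protocol incompatibility"
        if reason in CIPHER_REASONS:
            return "cipher suite mismatch"
        return "other TLS failure"
    if isinstance(exc, smtplib.SMTPResponseException):
        return f"server refused STARTTLS ({exc.smtp_code})"  # e.g. 454
    if isinstance(exc, smtplib.SMTPNotSupportedError):
        return "STARTTLS not offered"
    return "not a TLS failure"


def probe_starttls(host, port=25, timeout=10):
    """Attempt a verified STARTTLS upgrade; return (ok, detail)."""
    ctx = ssl.create_default_context()  # checks chain, validity dates, hostname
    smtp = smtplib.SMTP(timeout=timeout)
    try:
        smtp.connect(host, port)
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return True, f"{smtp.sock.version()} {smtp.sock.cipher()[0]}"
    except (ssl.SSLError, smtplib.SMTPException, OSError) as exc:
        return False, classify_handshake_error(exc)
    finally:
        smtp.close()
```

Calling probe_starttls with a mail server's hostname returns either the negotiated TLS version and cipher or the failure category.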

Handshake failure is a botched secret greeting. The encrypted channel cannot be established.