problem registrar EPP connection - timeout - ERROR: socket.sslerror: _ssl.c:477

One of our registrars is facing a problem making an EPP connection to our .mw registry running FRED. The connection sometimes succeeds and sometime it fails with "ERROR: socket.sslerror: _ssl.c:477" - on a random on-and-off scenario that seems rather random, we cannot tell when it will fail or succeed. After many observations, I requested the registrar to install fred-client so that I can also test the connection from their end. Sessions look like the ones copied here below where one session was successful to conned and the other one failed. I have looked at this in detail and I need help to check what is really going on. I have now done a TCPDUMP of these connections and the result is copied as here attached, one for a successful connection and one for a failed connection. You will see that in the failed connection TCPDUMP shows that the fred-client on 88.208.201.35 was talking to the FRED server on 196.45.190.7 but the fred-client appears to stop listening even though the FRED server makes a few more attempts to the fred-client. The registrar is experiencing the same for their own client, it sometimes connects successfully and sometimes fails with no predictable pattern. My logs including those on DAPHNE show that most other registrars are connecting ok with no such problems. Can you help check what the problem could be with this one registrar? Is there another log that I can check to see what exactly is causing these connections to fail? Regards, Paulos ====================== Dr Paulos B Nyirenda NIC.MW & .mw ccTLD http://www.registrar.mw [######## successful connection #############] paulos@ndovu [~/fred-client-2.8.0]# ./fred-client Czech translation not available FredClient PACKAGE_VERSION Type "help", "license" or "credits" for more information. Using configuration from conf/fred-client.conf Connecting to ngoli.sdnp.org.mw, port 700 ... Connected! AFRIREGISTER-REG(a)ngoli.sdnp.org.mw> quit Logout command sent to server Ending session at ngoli.sdnp.org.mw Disconnected. [######## failed connection #############] paulos@ndovu [~/fred-client-2.8.0]# ./fred-client Czech translation not available FredClient PACKAGE_VERSION Type "help", "license" or "credits" for more information. Using configuration from conf/fred-client.conf Connecting to ngoli.sdnp.org.mw, port 700 ... ERROR: socket.sslerror: _ssl.c:477: The handshake operation timed out (ngoli.sdnp.org.mw:700) paulos@ndovu [~/fred-client-2.8.0]# --- This email has been checked for viruses by AVG. https://www.avg.com -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. The following section of this message contains a file attachment prepared for transmission using the Internet MIME message format. If you are using Pegasus Mail, or any other MIME-compliant system, you should be able to save it or view it from within your mailer. If you cannot, please ask your system administrator for assistance. ---- File information ----------- File: afriregister-reg-tcpdump-ok-and-failed-EPP-connection-25-7-18.txt Date: 25 Jul 2018, 15:09 Size: 8110 bytes. Type: Text