Forum Discussion

Archana's avatar
Archana
Icon for Nimbostratus rankNimbostratus
Jan 04, 2024

SSL handshake failed

Hello All,  We have added our webserver to F5 and attached it to Virtual server. We can see Local traffic data in Statistics for the Pool.  But we are getting SSL Handshake failed for TCP x.x.x...
Archana's avatar
Archana
Icon for Nimbostratus rankNimbostratus

Hello, 

Thank you for all the steps mentioned. I have created a SSL Traffic certificate and added it to our website. Still getting SSL handshake failed between Website and F5. 

Also we have "serverssl" configured in our Virtual IP. 

Could you please let us know how to disable the SSL certificate check from F5 BIG-IP and Webserver? 

Your assist will be of great help to us. 

Thanks 
Muthu Mahadevan 

PhatANhappy's avatar
PhatANhappy
Icon for MVP rankMVP
Jan 09, 2024

your options for SSL traffic are:

passthru, no client side or server side on the vip   (you cant use cookie or do any kind of irules / inspection with this)

Offloading Client side on vip - no server side,  this will decrypt traffic and send clear case back to server.

Bridging - both client side and server side SSL certs are needed.   ** unless you are changing something in the profile to add value, you should use serverssl.  Adding the client side cert to the server side of the f5 - makes things mess when it comes to updating certs and or reading tcpdumps etc.

https://community.f5.com/t5/technical-forum/ssl-passthrough-ssl-offloading-and-ssl-bridging/td-p/197081

You have not addressed:
is this internal only - or on the internet ?
Is there something you are trouble shooting and you are sure you are accuratly looking at the correct conversation or are you trying to clean the noise in the logs.