For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

vysakhv90_16564's avatar
vysakhv90_16564
Icon for Nimbostratus rankNimbostratus
Jan 27, 2015

A secure connection cannot be established, error after updating chrome and firefox

I am using F5 LTM for my websites to be load balanced. Recently, after Google Chrome's update, I could find that while accessing the website, it throws an error as shown below:

 

 

Same issue with Firefox (after the update) too, but not with IE. I was pretty sure that the sites were working before. I did tried rejecting SSLv3 (by modifying ciphers), but didn't work.Regarding my certificate, I use a single certificate for 3 different websites (not a wildcard one). When I changed mapping to this website specific certificate, it worked, but not with the one I used so far. Can't I use a single cert for 3 different sites anymore? What could be the issue for this?

 

application delivery
availability
cloud
LTM
management
TMOS
vmware

1 Reply

  • StephanManthey's avatar
    StephanManthey
    Icon for Nacreous rankNacreous
    Jan 27, 2015

    Hi vysakhv90,

    how does your client-ssl profile look like? What TMOS version and hotfix are you using?

    You can test valid cipher strings for your client-ssl profile on CLI by entering i.e.: 
     tmm --clientcipher 'DEFAULT:!SSLv3'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA
 1:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA
 2:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA
 3:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA
 4:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA
 5:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA
 6:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA
 7:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA
 8:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA
 9:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA
10:    10  DES-CBC3-SHA                     192  TLS1    Native  DES     SHA     RSA
11:    10  DES-CBC3-SHA                     192  TLS1.1  Native  DES     SHA     RSA
12:    10  DES-CBC3-SHA                     192  TLS1.2  Native  DES     SHA     RSA
13:    10  DES-CBC3-SHA                     192  DTLS1   Native  DES     SHA     RSA
14:     5  RC4-SHA                          128  TLS1    Native  RC4     SHA     RSA
15:     5  RC4-SHA                          128  TLS1.1  Native  RC4     SHA     RSA
16:     5  RC4-SHA                          128  TLS1.2  Native  RC4     SHA     RSA
17: 49192  ECDHE-RSA-AES256-SHA384          256  TLS1.2  Native  AES     SHA384  ECDHE_RSA
18: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1    Native  AES     SHA     ECDHE_RSA
19: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.1  Native  AES     SHA     ECDHE_RSA
20: 49172  ECDHE-RSA-AES256-CBC-SHA         256  TLS1.2  Native  AES     SHA     ECDHE_RSA
21: 49191  ECDHE-RSA-AES128-SHA256          128  TLS1.2  Native  AES     SHA256  ECDHE_RSA
22: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1    Native  AES     SHA     ECDHE_RSA
23: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.1  Native  AES     SHA     ECDHE_RSA
24: 49171  ECDHE-RSA-AES128-CBC-SHA         128  TLS1.2  Native  AES     SHA     ECDHE_RSA
25: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1    Native  DES     SHA     ECDHE_RSA
26: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.1  Native  DES     SHA     ECDHE_RSA
27: 49170  ECDHE-RSA-DES-CBC3-SHA           192  TLS1.2  Native  DES     SHA     ECDHE_RSA

    Thanks, Stephan