Forum Discussion
afedden_1985
Cirrus
Your last update didn't get added to the conversation? Are the resets happening all the time or are some flows working? Is it possible the servers SSL ciphers were updated? With all the SSL issues lately a lot in our shop has been changing to mitigate SSL issues. here are a few commands to check ssl cipher compatibility, you can try this on each of the servers in the pool to see if one of them causing a problem. This curl will test a vip or server to see if it allows sslv3 just use the correct address curl -k -v -3 https://IP.addr/test to test for tls support replace the -3 in the above command with –tls1.2 ex: * curl -k -v -3 https://10.10.34.141/test * and each of the tls versions
* curl -k -v -tlsv1.0 https://10.50.2.48/test * curl -k -v -tlsv1.1 https://10.50.2.48/test * curl -k -v -tlsv1.2 https://10.50.2.48/test
kash_49328
Dec 17, 2014Nimbostratus
We are doing SSL offloading at F5 LB. Both client and F5 use TLSv1 for SSL and communication between F5 and actual server is http.