Forum Discussion

kash_49328's avatar
kash_49328
Icon for Nimbostratus rankNimbostratus
Dec 16, 2014

Big IP LTM sending tcp Resets due to SSL handshake time out ?

Hi F5 gurus, We have a https file transfer going on a daily basis and we are experiencing a big problem here. Client is a java program and server is behind the F5. We are offloading ssl on F5 so we...
application delivery
cisco
LTM
management
performance
TMSH
afedden_1985's avatar
afedden_1985
Icon for Cirrus rankCirrus

Your last update didn't get added to the conversation? Are the resets happening all the time or are some flows working? Is it possible the servers SSL ciphers were updated? With all the SSL issues lately a lot in our shop has been changing to mitigate SSL issues. here are a few commands to check ssl cipher compatibility, you can try this on each of the servers in the pool to see if one of them causing a problem. This curl will test a vip or server to see if it allows sslv3 just use the correct address curl -k -v -3 https://IP.addr/test to test for tls support replace the -3 in the above command with –tls1.2 ex: * curl -k -v -3 https://10.10.34.141/test * and each of the tls versions

 

* curl -k -v -tlsv1.0 https://10.50.2.48/test * curl -k -v -tlsv1.1 https://10.50.2.48/test * curl -k -v -tlsv1.2 https://10.50.2.48/test

 

kash_49328's avatar
kash_49328
Icon for Nimbostratus rankNimbostratus
Dec 17, 2014
We are doing SSL offloading at F5 LB. Both client and F5 use TLSv1 for SSL and communication between F5 and actual server is http.