Forum Discussion

srastogi_212141
Aug 02, 2017

BIG-IP SSL 12.1 Handshake Failure

I am trying to install a certificate on F5 v 12.1.1. I am using iControl v 13.0.0. When calling the getVersion() method I am getting the below SSL exception:

Exception occured while calling iControl Service API
Caused by: javax.net.ssl.SSLProtocolException: Signature algorithm mismatch
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)

Any help here would be appreciated.

 

  • Looks like a protocol mismatch. What TLS version are you making your call with/allow? Have you locked down httpd on the box to use a specific TLS version?

     


     

    • srastogi_212141

      We are not explicitly setting any TLS version. The call is made through the iControl (v 13.0.0) jar only; probably it is using the Java 1.8u121 protocols by default, which is TLS 1.2, if there aren't any specific protocols used. I am checking for any httpd side configuration on the F5 box. Just checked the /ltm logs from the box:

       

      CIC_test info tmm1[10811]: 01260013:6: SSL Handshake failed for TCP x.x.x.x:44932 -> y.y.y.y:443
      CIC_test warning tmm1[10811]: 01260009:4: Connection error: ssl_hs_rxhello:7295: unsupported version (40)

       

      Not sure if these can help.
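
The two /ltm messages quoted above can be paired to show which clients fail the handshake and with what reason. This is an added example, not part of the original thread and not F5 code. The line layout is taken from the quoted log; the timestamps, addresses, and the pairing rule (a 01260009 reason follows its 01260013 line from the same tmm process) are assumptions.

```python
import re
from collections import Counter

# Constructed sample shaped like the two messages quoted in the thread.
# The third line has both messages run together, as in the pasted log.
SAMPLE_LTM_LOG = """\
Aug  2 10:15:01 CIC_test info tmm1[10811]: 01260013:6: SSL Handshake failed for TCP 192.0.2.10:44932 -> 198.51.100.5:443
Aug  2 10:15:01 CIC_test warning tmm1[10811]: 01260009:4: Connection error: ssl_hs_rxhello:7295: unsupported version (40)
Aug  2 10:15:07 CIC_test info tmm1[10811]: 01260013:6: SSL Handshake failed for TCP 192.0.2.10:44940 -> 198.51.100.5:443 CIC_test warning tmm1[10811]: 01260009:4: Connection error: ssl_hs_rxhello:7295: unsupported version (40)
Aug  2 10:16:30 CIC_test info tmm[10810]: 01260013:6: SSL Handshake failed for TCP 192.0.2.77:51200 -> 198.51.100.5:443
Aug  2 10:16:31 CIC_test notice constructed unrelated line
"""

# One pattern for both message IDs so events are read in log order,
# even when several messages share a physical line.
EVENT = re.compile(
    r"(?P<proc>tmm\d*\[\d+\]): (?:"
    r"01260013:\d+: SSL Handshake failed for TCP (?P<src>\S+):\d+ -> (?P<dst>\S+:\d+)"
    r"|01260009:\d+: Connection error: (?P<func>\w+):\d+: "
    r"(?P<reason>[^()\n]+?) \((?P<code>\d+)\))"
)
NO_REASON = "no reason logged"


def summarize(log_text):
    """Count handshake failures per (client IP, destination, reason)."""
    pending = {}  # tmm process -> (src, dst) still waiting for its reason
    tally = Counter()
    for m in EVENT.finditer(log_text):
        proc = m["proc"]
        if m["src"]:
            # A new failure before the previous one got a reason: flush it.
            if proc in pending:
                tally[pending[proc] + (NO_REASON,)] += 1
            pending[proc] = (m["src"], m["dst"])
        elif proc in pending:
            reason = f'{m["func"]}: {m["reason"]} ({m["code"]})'
            tally[pending.pop(proc) + (reason,)] += 1
    for peer in pending.values():
        tally[peer + (NO_REASON,)] += 1
    return tally


if __name__ == "__main__":
    for (src, dst, reason), n in summarize(SAMPLE_LTM_LOG).most_common():
        print(f"{n:3d}  {src} -> {dst}  {reason}")
```

A single client address dominating the tally with the same reason points at that client's TLS settings rather than at the virtual server's SSL profile.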

       
