Forum Discussion
Cipher negotiated between F5 and Node
- Dec 06, 2020
Here's what you could had done,
1. Run the tmm --clientciphers <suite> command in both the versions and see the difference. Don't forget to frame the command with your existing cipher suite.
2. As you suspect the issue is on the server side, you can run the same command like,
tmm ---serverciphers <suite> and identify the differences. If it's DEFAULT, use DEFAULT.
3. Other option is to use the openssl/curl command to be run against your nodes to see which cipher was selected. I prefer openssl.
4. The easiest way would be to map an irule to log the ciphers. If you want client side, use clientssl_handshake event, since you need on serverside, use serverssl_handshake event and log below entries.
SSL Version - [SSL::cipher version]
Cipher Name - [SSL::cipher name]
Bits Strength - [SSL::cipher bits]
If you need help in framing Irule, let us know.
Here's what you could had done,
1. Run the tmm --clientciphers <suite> command in both the versions and see the difference. Don't forget to frame the command with your existing cipher suite.
2. As you suspect the issue is on the server side, you can run the same command like,
tmm ---serverciphers <suite> and identify the differences. If it's DEFAULT, use DEFAULT.
3. Other option is to use the openssl/curl command to be run against your nodes to see which cipher was selected. I prefer openssl.
4. The easiest way would be to map an irule to log the ciphers. If you want client side, use clientssl_handshake event, since you need on serverside, use serverssl_handshake event and log below entries.
SSL Version - [SSL::cipher version]
Cipher Name - [SSL::cipher name]
Bits Strength - [SSL::cipher bits]
If you need help in framing Irule, let us know.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com