Forum Discussion

Cirrus

Mar 14, 2020

Client Hello TLS version issue in only one Pool Member.

We have a VIP of 1.1.1.1:443 and Pool having 2 pool members(1.1.1.10:443 and 1.1.1.20:443) and currently running fine on array load balancer. Having encrypted session on both client side and server...

application delivery

LTM

gdoyle

Cirrostratus

Mar 14, 2020

I would verify the SSL profile on the F5 end and the cipher restrictions on the server itself. I would compare the cipher suite on both pool members to see if there is a difference, it may be that the server that is working is allowing TLS1.1, which you don't actually want according to your post.

Rahul_Kaul
Cirrus
Mar 14, 2020
You made 2 statements above and my reply is
1) I verified configuration on both F5 and Array(SSL Profile configuration .pfx certificate and key is mapped(nothing else)). On Array it is working fine.
2) I verified both application server are only processing TLS 1.2 negotiations only and working fine when traffic is passing through Array.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client Hello TLS version issue in only one Pool Member.

Recent Discussions

301 redirect and waf policy log problem

Big-IP VE edition for MacBook M4 Chip

ASD

Background Tasks

APM with EntraID as idP / request signed

Related Content

7200F Version Upgrade

Restrict client version

2 way ssl facing pool member

Floating IPs on new traffic group members

APM :: Version 13.1 and VMware View

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS