For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rahul_Kaul's avatar
Rahul_Kaul
Icon for Cirrus rankCirrus
Mar 14, 2020

Client Hello TLS version issue in only one Pool Member.

We have a VIP of 1.1.1.1:443 and Pool having 2 pool members(1.1.1.10:443 and 1.1.1.20:443) and currently running fine on array load balancer. Having encrypted session on both client side and server...
application delivery
LTM
gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
Mar 14, 2020

I would verify the SSL profile on the F5 end and the cipher restrictions on the server itself. I would compare the cipher suite on both pool members to see if there is a difference, it may be that the server that is working is allowing TLS1.1, which you don't actually want according to your post.

Rahul_Kaul's avatar
Rahul_Kaul
Icon for Cirrus rankCirrus
Mar 14, 2020

You made 2 statements above and my reply is

1) I verified configuration on both F5 and Array(SSL Profile configuration .pfx certificate and key is mapped(nothing else)). On Array it is working fine.

2) I verified both application server are only processing TLS 1.2 negotiations only and working fine when traffic is passing through Array.