Forum Discussion
NimbostratusCloudFlare 525 Errors - f5 fix?
Nimbostratus-
the cipher suites are compatible. I made comparisons and even matched CFs entire list and applied it to the f5s. didn't change the error condition
-
SNI isn't being used. rather, none of the checkboxes or the server name field have any data. as an FYI, there are 3 websites/domains that go to this VIP, but they share one ssl cert with all 3 domain names in it. the cert I'm using does have all 3 domain names (san) in it.
-
Yes and no. I tried but the nginx proxy isn't configured to handle that ssl traffic and would require other resources to do it, which I can do if necessary.
-
There are some weird logs on the f5 that I see; but they don't seem to correlate with the 525s.
- cf_525_pain_310
I actually split up the sites into 3 vips (all using the same ssl profile settings but I created 3 separate ssl client profiles) - specifically so that I could change up any ssl profile settings that were suggested, and only impact one site at a time (the least important one).
- cf_525_pain_310
- I noticed it right away. we actually saw a browser display that 525 error, then had trouble repro'ing it...it happens less than 1% of requests. but I have Catchpoint, I see a few of them in those automated tests each day and many on the cloudflare dashboard. so this could simply be exposing a preexisting condition that now manifests in a browser error. but, I wasn't seeing basic websites tests fail just trying to hit an https page this like does at times.
