For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bjoern-30_35567's avatar
Bjoern-30_35567
Icon for Nimbostratus rankNimbostratus
Mar 27, 2018

Combine SSL Handshake failed messages with cause

Hello,   if an SSL Handshake fails the F5 LTM creates for example the following log entry   info tmm1[11382]: 01260013:6: SSL Handshake failed for TCP S_IP:S_Port -> Dest_IP:Dest_Port   and...
LTM
security
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Mar 27, 2018

I am wondering what is the output of 

[SSL::cipher name]
in CLIENTSSL_CLIENTHELLO event

In this event, the client send a list of ciphers, not only one.

same for the TLS version.

  • if the client support TLS 1.1, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.1 (0x0302)
  • if the client support TLS 1.2, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303)
  • if the client support TLS 1.3, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303) and with supported_version extension of 1.3 (0x0304 for approved TLS 1.3 client, 0x7FXX for TLS 1.3 draft compatible clients)

the output of 

log local0.info " [IP::client_addr] [SSL::cipher name] [SSL::cipher version]"
should be interesting