confirm client TLS cert and Cipher

Question

hello, &nbsp;
i have a VS with client SSL profile has 2 certificates and when client try to connect i can see on profile statistics that he has invalid certificate and when i captured the traffic i didn't see any TLS handshake only TCP!!!, from his side he sent to me a log file that confirm that he is using the right client certificates and one of F5 default TLS1.2 cipher suite with error of TLS handshake failure....&nbsp;
From F5 side how can i make sure of the certificates he is connected with and its cipher ?????? &nbsp;

ahmedgalal219_3 · Answer

nothing???&nbsp;

stanislas_piro2 · Answer

If in capture, you don’t see TLS handshake, you can’t do anything on f5 side!!!&nbsp;
In TLS, the first packet is CLIENTHELLO from client. If the client doesn’t send it, the F5 will reject the connection.&nbsp;

surgeon · Answer

What port are you using on your VIP? 443? if not then it might happen that wireshark can not decode it. Just decode the traffic as SSL and you should see ssl traffic.&nbsp;
Also check if the client hits the big-ip at all.&nbsp;

Forum Discussion

confirm client TLS cert and Cipher

Recent Discussions

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

Related Content

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Disabling Specific Weak Cipher Suites

Cipher Suites Supported (12.1.5.3)

Display a warning on client browser when cipher suite mismatch

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS