Forum Discussion

Manu_Nair
Nov 22, 2017

F5 connection reset in SSL handshake

Hello,

 

I am encountering an odd issue related to SSL. We are performing SSL offloading on the F5 for a VIP. I observed that some functionality of the webpage is not working. When I bypassed the F5 (accessed the servers directly, but the service port is different), the webpage works fine. The issue is only over HTTPS.

 

In the SSL dump, there will be a TCP RST at the end of this stream.

 

One more odd thing I am seeing is that there are two SSL layers in a frame in the TCP dump that was captured.

 


  • From the looks of your SSLdump, it looks like the client and server handshake can't agree on a cipher. Are you only running SSLv3 ciphers? What version of code are you running? I would check to see if your version's default set of ciphers has one that your server can negotiate.

     

  • nathe

    For me it looks like the SSL handshake completes successfully, as you see application data being sent.

     

    To me the issue is with the application traffic. Is it an HTTP application and has the VS got an HTTP profile assigned? Is it a custom one, if so, or the default HTTP profile? Any HTTP iRules on this VIP?

     

    Depending on the above, I might replace the HTTP profile with the default one and remove any iRules temporarily.

     

    If no joy then we'll need the private key to decrypt the traffic to see what's going on. Or, if you use HttpFox or Fiddler, what is the client request being sent?

     

    HTH,

     

    NB
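
Added example, not part of the thread: a small Python walker over TLS record headers that applies the two readings discussed above to a capture, namely whether a plaintext alert ended the handshake or whether both sides sent ChangeCipherSpec and application data followed. It also shows that one TCP segment can carry several TLS records, which a dissector displays as multiple SSL layers in one frame. It assumes TLS 1.2 or earlier; the function names and the sample bytes are constructed for illustration.

```python
import struct

# TLS record content types (RFC 5246 section 6.2.1); assumes TLS 1.2 or earlier.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def split_tls_records(payload):
    """Walk the 5-byte record headers in one TCP payload.
    Returns (type_name, length, complete) per record found."""
    records, offset = [], 0
    while offset + 5 <= len(payload):
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, offset)
        if ctype not in CONTENT_TYPES or major != 3:
            break  # not a record header, e.g. continuation of a split record
        end = offset + 5 + length
        records.append((CONTENT_TYPES[ctype], length, end <= len(payload)))
        offset = end
    return records

def classify_stream(segments):
    """segments: (direction, tcp_payload) tuples in capture order."""
    ccs_sent = set()
    for direction, payload in segments:
        for name, _length, _complete in split_tls_records(payload):
            if name == "change_cipher_spec":
                ccs_sent.add(direction)
            elif name == "alert" and direction not in ccs_sent:
                return "handshake failed: plaintext alert"
            elif name == "application_data" and ccs_sent == {"client", "server"}:
                return "handshake completed: application data seen"
    return "handshake incomplete"

def rec(ctype, body):
    """Build a constructed TLS 1.2 record with a filler body."""
    return bytes([ctype, 3, 3]) + struct.pack("!H", len(body)) + body

# Constructed samples: bodies are filler, only the record headers matter here.
CLIENT_FLIGHT = rec(22, b"\x10" * 8) + rec(20, b"\x01") + rec(22, b"\xaa" * 40)
GOOD = [("client", rec(22, b"\x01" * 6)),
        ("server", rec(22, b"\x02" * 12)),
        ("client", CLIENT_FLIGHT),                      # three records, one segment
        ("server", rec(20, b"\x01") + rec(22, b"\xbb" * 40)),
        ("client", rec(23, b"\xcc" * 32))]
BAD = [("client", rec(22, b"\x01" * 6)),
       ("server", rec(21, b"\x02\x28"))]                # fatal handshake_failure(40)

if __name__ == "__main__":
    print(split_tls_records(CLIENT_FLIGHT))
    print(classify_stream(GOOD))
    print(classify_stream(BAD))
```

A stream that classifies as completed and then ends in a TCP RST points at the application layer or the proxy's handling of the decrypted traffic rather than at cipher negotiation.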