Forum Discussion
Hannes_Rapp
Apr 28, 2016Nimbostratus
Question:
- If you configure the Pool Member in first case, I suppose you send requests to a SSL-enabled port on Windows Server 2012, and have also configured ServerSSL profile in VS config? Or in short, are you looking to deploy SSL decrypt, SSL re-encrypt solution on BigIP?
If that's the case, there's one thing worth looking into.
- I don't know if also the case with Windows Server 2012, but in case of ServerSSL between BigIP and Windows Server 2008, the SSL handshake tends to fail, resulting in TCP teardown. The easiest solution is to enforce explicit use of TLSv1.0 on the Server-SSL profile, there also are some workarounds for the Windows Server config, but they take a bit more time and are harder to implement.
Apart from possible ServerSSL issues, I cannot think of anything else as a likely root cause here.
Have a look here for reference solution: https://devcentral.f5.com/questions/regarding-cipher-negotiation-for-ltm