Forum Discussion
F5 self IP TLS/SSL hand shake fail with tcp port node member
- Aug 03, 2023
I suspect you're correct on this. The health check types need to be https so there CAN be a handshake. TCP will have no idea what to do with SSL and should not allow a successful ACK.
ALSO..
You could try tcp half open as a type if you REALLY don't care about valid SSL. This will send a SYN, get and SYN-ACK and call it a good response, rather than trying to send an ACK, which should fail because of the SSL, I'd think. If you try this, can you let me know how it goes?
ngockq It seems like your health monitor on TCP 19001 and 19002 is possibly an HTTPS health monitor or an HTTP health monitor and your server is expecting an HTTPS connection on those ports which is causing this error. Typically the F5 will not send any communication to a pool member unless it's explicitly told to do so. Can you please provide the VS, pool, and health monitor configuration so we can attempt to assist you further with this?
- AubreyKingF5Aug 03, 2023
Moderator
I suspect you're correct on this. The health check types need to be https so there CAN be a handshake. TCP will have no idea what to do with SSL and should not allow a successful ACK.
ALSO..
You could try tcp half open as a type if you REALLY don't care about valid SSL. This will send a SYN, get and SYN-ACK and call it a good response, rather than trying to send an ACK, which should fail because of the SSL, I'd think. If you try this, can you let me know how it goes?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com