Forum Discussion
Bhargav_9588
Nimbostratus
Oct 24, 2008
handshake_failure
Hello,
After upgrading LTM to 9.3.1 we started noticing "handshake_failure" errors with java clients that are trying to connect to https://www.***.com/ (virtual server in LTM with Clien...
hoolio
Cirrostratus
Oct 24, 2008
It looks like an SSL handshake error, but the client program isn't giving details on the actual SSL error. It could be a cipher issue. Can you use openssl s_client to test? That should give you more debug information. Else, you could use ssldump on the BIG-IP to capture a trace of the problem.
You can use tcpdump to capture the encrypted traffic failure:
tcpdump -i0.0 -s0 -w/var/tmp/encrypted.dmp host 1.1.1.1
-i 0.0 captures on all switch interfaces
-w writes the output to a binary file
host 1.1.1.1 filters on traffic to/from 1.1.1.1
Make sure to start the tcpdump before the client establishes a connection to the VIP. SOL411 has more detail on using tcpdump.
You can then use ssldump to decrypt the tcpdump file.
https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7823.html
ssldump -AdneN -r/var/tmp/encrypted.dmp -k/path/to/server.key >/var/tmp/decrypted.txt
Where /var/tmp/encrypted.dmp is the tcpdump file, /path/to/server.key is the path to the server's (VIP) SSL key, and /var/tmp/decrypted.txt is the cleartext output file. You can run ssldump on the BIG-IP or a Windows host. For details on the command, check the man page: man ssldump.
Also, there is a forum for Advanced Configuration where you might get more relevant eyes on your post.
Aaron
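The "cipher issue" possibility raised in the reply above can be checked directly from the handshake bytes, since the ClientHello and a handshake_failure alert are sent before encryption starts. The following is an added example, not part of the original post: it assumes you have the raw bytes of each direction of the TCP stream, and the sample bytes, the cipher-suite subset and all function names are constructed for illustration.

```python
import struct

# Assumption: small illustrative subset of IANA cipher-suite IDs.
NAMES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
         0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}

def records(stream):
    """Yield (content_type, payload) for each SSLv3/TLS record in one direction."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def offered_suites(handshake):
    """Cipher-suite IDs from an unfragmented ClientHello; [] for anything else."""
    if len(handshake) < 41 or handshake[0] != 1:      # handshake type 1 = ClientHello
        return []
    pos = 4 + 2 + 32                                   # header, client_version, random
    pos += 1 + handshake[pos]                          # skip session_id
    (nbytes,) = struct.unpack_from("!H", handshake, pos)
    return list(struct.unpack_from("!%dH" % (nbytes // 2), handshake, pos + 2))

def diagnose(client_bytes, server_bytes, server_suites):
    """Compare what the client offered with what the server profile allows."""
    offered = [s for t, p in records(client_bytes) if t == 22 for s in offered_suites(p)]
    # Record type 21 = alert; level 2 (fatal), description 40 = handshake_failure.
    failed = any(t == 21 and p[:2] == b"\x02\x28" for t, p in records(server_bytes))
    common = [NAMES.get(s, hex(s)) for s in offered if s in server_suites]
    return {"offered": offered, "common": common, "handshake_failure": failed}

def sample_client_hello(suites):
    """Constructed ClientHello record (TLS 1.0, zeroed random, no extensions)."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
    body += struct.pack("!%dH" % len(suites), *suites) + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"        # constructed fatal alert 40

if __name__ == "__main__":
    print(diagnose(sample_client_hello([0x0004, 0x0005]), SAMPLE_ALERT, {0x002F, 0x0035}))
```

An empty "common" list together with "handshake_failure" set to True points at a cipher mismatch between the client and the server-side SSL profile. Clients that open with an SSLv2-format hello are not decoded by this record parser.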
