For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bhargav_9588's avatar
Bhargav_9588
Icon for Nimbostratus rankNimbostratus
Oct 24, 2008

handshake_failure

Hello,     After upgrading LTM to 9.3.1 we started noticing "handshake_failure" errors with java clients that are trying to connect to https://www.***.com/ (virtual server in LTM with Clien...
dev
devops
iControl
Bhargav_9588's avatar
Bhargav_9588
Icon for Nimbostratus rankNimbostratus
Oct 24, 2008
Thanks Aaron!

 

 

I have tried s_client and I see the following (handshake failure):

 

 

openssl s_client -connect www.xyz.com:443 -CAfile ../../IssuingCA.cer

 

CONNECTED(00000004)

 

depth=1 /emailAddress=email@xyz.com/C=**/ST=**/L=***/O=Corp./OU=Corporate/CN=Corp. CA

 

verify error:num=2:unable to get issuer certificate

 

issuer= /emailAddress=cisinfrastructure@aes.com/C=**/ST=**/L=***/O=The XYZ Corp./OU=Corporate/CN=Root CA

 

verify return:0

 

1618:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:

 

 

It works fine with no issues from browser. We started seeing issues with java clients after upgrading LTM.

 

 

I have not made success yet to decrypt tcpdump file using ssldump.

 

 

Thanks in advance.