Forum Discussion

Nimbostratus

Sep 07, 2015

Health check fails on HTTPS, even though port is open

I am basically using the F5 as a proxy for an HTTPS service, but when I use the built-in https health check to monitor the pool, it fails. The port is definitely open as it responds to direct browse...

MVP

Sep 08, 2015

You can also try to run this command to see if there's a problem with the handshake and see what cipers that's accepted.

echo "Q" | openssl s_client -connect www.site.com:443

Perhaps your server SSL profile has an incompatible accepted ciphers string? Or perhaps the web service uses a client certificate?

You can test the default cipher by running this command (this cipher string is the default from 11.5.0-11.5.3):

echo "Q" | openssl s_client -connect www.site.com:443 -cipher '!SSLv2:!SSLv3:!MD5:!EXPORT:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RC4'

You can find the default ciphers here: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

/Patrik

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Health check fails on HTTPS, even though port is open

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Terraform LTM provider - ICMP disabled on resulting VIPs

Related Content

F5 HTTPS Redirect 2025

Health Check is returning HTTP code 302

Simplifying Application Health Monitoring with F5 BIG-IP

HTTP Health Monitor Failure Behavior

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS