Forum Discussion

John_Ogle_45372's avatar
John_Ogle_45372
Icon for Nimbostratus rankNimbostratus
Jul 15, 2013

https - cipher string

Can someone give me the correct syntax to make only this cipher work in the ssl negotiation?   SSLv3 (not TLSv1) using the TLS_RSA_WITH_RC4_128_SHA (RC4-SHA group).   Thank you,  
config
design
John_Ogle_45372's avatar
John_Ogle_45372
Icon for Nimbostratus rankNimbostratus
Jul 16, 2013

Thank you! It looks like it is still failing. Please review the output of the working version using CURL and the failing https monitor. What could be different?

 

LTM https monitor - failing

 

New TCP connection 1: 172.16.31.8(37464) <-> X.X.X.X(443)

 

1 1 1373985585.6667 (0.0685) C>SV3.1(54) Handshake

 

ClientHello

 

Version 3.1

 

random[32]=

 

51 e5 5b 31 47 83 b8 47 59 fd 5c 96 35 c9 86 b4

 

9c b7 3c e0 bb 30 45 d5 ce 65 a6 95 60 37 11 ad

 

cipher suites

 

TLS_RSA_WITH_3DES_EDE_CBC_SHA

 

Unknown value 0xff

 

compression methods

 

unknown value

 

NULL

 

1 2 1373985585.7383 (0.0716) S>CV3.0(2) Alert

 

level fatal

 

value unexpected_message

 

1 3 1373985585.7383 (0.0000) S>CV3.0(2) Alert

 

level warning

 

value close_notify

 

1 1373985585.7383 (0.0000) S>C TCP FIN

 

1 1373985585.7391 (0.0007) C>S TCP RST

 

 

 

curl -kv3 https://hostname.company.com - SUCCESSFUL

 

New TCP connection 1: 172.16.31.8(37522) <-> X.X.X.X(443)

 

1 1 1373985669.4538 (0.0901) C>SV3.0(96) Handshake

 

ClientHello

 

Version 3.0

 

random[32]=

 

51 e5 5b 85 e5 10 f7 38 f9 1b 1d 1f cb cd 09 12

 

df bc 08 de 1a e1 1f b7 66 84 5e e3 03 e7 2b e4

 

cipher suites

 

SSL_DHE_RSA_WITH_AES_256_CBC_SHA

 

SSL_DHE_DSS_WITH_AES_256_CBC_SHA

 

SSL_RSA_WITH_AES_256_CBC_SHA

 

SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

 

SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

 

SSL_RSA_WITH_CAMELLIA_256_CBC_SHA

 

SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

 

SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA

 

SSL_RSA_WITH_3DES_EDE_CBC_SHA

 

SSL_DHE_RSA_WITH_AES_128_CBC_SHA

 

SSL_DHE_DSS_WITH_AES_128_CBC_SHA

 

SSL_RSA_WITH_AES_128_CBC_SHA

 

Unknown value 0x45

 

Unknown value 0x44

 

SSL_DHE_RSA_WITH_AES_128_CBC_SHA256

 

SSL_RSA_WITH_RC4_128_SHA

 

SSL_RSA_WITH_RC4_128_MD5

 

SSL_DHE_RSA_WITH_DES_CBC_SHA

 

SSL_DHE_DSS_WITH_DES_CBC_SHA

 

SSL_RSA_WITH_DES_CBC_SHA

 

SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

 

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

 

SSL_RSA_EXPORT_WITH_DES40_CBC_SHA

 

SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5

 

SSL_RSA_EXPORT_WITH_RC4_40_MD5

 

Unknown value 0xff

 

compression methods

 

unknown value

 

NULL

 

1 2 1373985669.5154 (0.0615) S>CV3.0(42) Handshake

 

ServerHello

 

Version 3.0

 

random[32]=

 

51 e5 5b ab eb d1 e6 12 d7 01 60 d7 7a eb 64 7d

 

04 00 14 51 62 81 dc 41 9b 14 6a 0c 06 4b ad b8

 

session_id[0]=

 

 

cipherSuite SSL_RSA_WITH_3DES_EDE_CBC_SHA

 

compressionMethod NULL

 

1 3 1373985669.5727 (0.0573) S>CV3.0(3716) Handshake

 

Certificate

 

1 4 1373985669.5727 (0.0000) S>CV3.0(4) Handshake

 

ServerHelloDone

 

1 5 1373985669.5765 (0.0038) C>SV3.0(260) Handshake

 

ClientKeyExchange

 

EncryptedPreMasterSecret[256]=

 

9f 04 87 7e e0 a6 cb b9 9d 1e bd f7 d7 etc, etc

 

 

1 6 1373985669.5765 (0.0000) C>SV3.0(1) ChangeCipherSpec

 

1 7 1373985669.5765 (0.0000) C>SV3.0(64) Handshake

 

1 8 1373985669.6500 (0.0734) S>CV3.0(1) ChangeCipherSpec

 

1 9 1373985669.6507 (0.0007) S>CV3.0(64) Handshake

 

1 10 1373985669.6524 (0.0016) C>SV3.0(192) application_data

 

1 11 1373985669.7207 (0.0683) S>CV3.0(152) application_data

 

1 12 1373985669.7207 (0.0000) S>CV3.0(168) application_data

 

1 13 1373985669.7211 (0.0004) S>CV3.0(64) application_data

 

1 14 1373985669.7869 (0.0657) S>CV3.0(24) application_data

 

1 15 1373985669.7869 (0.0000) S>CV3.0(384) application_data

 

1 16 1373985669.7880 (0.0010) C>SV3.0(24) Alert

 

1 1373985669.7898 (0.0018) C>S TCP FIN

 

1 17 1373985669.8591 (0.0692) S>CV3.0(24) Alert

 

1 1373985669.8591 (0.0000) S>C TCP FIN