Forum Discussion

KPS_149915's avatar
KPS_149915
Icon for Nimbostratus rankNimbostratus
Jun 20, 2017

HTTPS monitor failing

Hi All,

 

I have a LTM running 11.4.1 and VIP on this f5. SSL is not terminated on this F5 but terminated on backend server A. The health monitor uses a defualt cipher DEFAULT:+SHA:+3DES:+kEDH to monitor the health of server till recently when the TLSv1.0 was disabled in server the HM now fails. At the moment TLSv1.1 and TLSv1.2 is running of the server. Can someone advise why the HM is failing and any suggestions.

 

Thanks in advance.

 

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus

    KPS, it seems tls1.2 support came in with v11.5 but I'm not sure about tls1.1. Anyway, have you seen this solution custom SSL ciphers for health monitors?

     

    See what you get back as a list of ciphers using the openssl command. Are tls1.1 ciphers listed at all?

     

    N