Forum Discussion

kgaigl's avatar
kgaigl
Icon for Cirrocumulus rankCirrocumulus
Dec 09, 2021

HTTPS Monitor fails after changing TLS Version

Hello,

following problem:

we've some pools with https monitors like this:

send string:GET /some/pingservlet HTTP/1.0\r\n\r\n
receive string: 200 OK

no alias service port, no server ssl-profile

now the server admin changed on the server from apache with tls 1.0 to tomcat with tls 1.2

after that the monitor fails, but when I change on the pool the monitor to tcp or something like this, the server is up and now I change the monitor back to the original https monitor, the server is still up

when I check with curl -vk when the Server marks down i could still see "HTTP/1.1 200 OK"

Any idea, why the the monitor fails and after change and change back the monitor shows up?

Thank You

  • f***

    I think I've found the cause:

    https://cdn.f5.com/product/bugtracker/ID953601.html

     

  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus

    f***

    I think I've found the cause:

    https://cdn.f5.com/product/bugtracker/ID953601.html

     

  • Please add the http version 1.1 and host header in send sting keep receive string as same.

     

    Example :

     

    GET /some/pingservlet HTTP/1.1\r\nHost:* \r\nConnection: Close\r\n\r\n

    or

    GET /some/pingservlet HTTP/1.1\r\nHost:abc.com \r\nConnection: Close\r\n\r\n

  • kgaigl's avatar
    kgaigl
    Icon for Cirrocumulus rankCirrocumulus

    thank you, but option 1 didn't mak it better, option 2 we can't use because we use one monitor for multiple pools