Forum Discussion
tdsacilowski_17
Nimbostratus
Dec 10, 2014
HTTPS Monitor fails after disabling SSLv3 on Tomcat 7 (APR connector)
I'm currently in the process of upgrading my Tomcat servers to Tomcat 7 using the APR connector with SSLv3 disabled. Here is my connector:
Everything seems to be working properly... e.g. going to ...
nitass
Employee
Dec 11, 2014
can you try ssldump monitor traffic?
ssldump -Aed -nni 0.0 host x.x.x.x and host y.y.y.y and port zzz
x.x.x.x is non-floating self ip on pool member vlan
y.y.y.y is pool member ip
zzz is pool member port
i do see tls 1.0 (version 3.1) on 10.2.4 unit here.
configuration
[root@ve10a:Active] config tmsh list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:https {
            session monitor-enabled
        }
    }
    monitor myhttps
}
[root@ve10a:Active] config tmsh list ltm monitor https myhttps
ltm monitor https myhttps {
    cipherlist "DEFAULT"
    compatibility "enabled"
    defaults-from https
    interval 5
    send "GET /\r\n"
    time-until-up 0
    timeout 16
}
ssldump
[root@ve10a:Active] config ssldump -Aed -nni 0.0 host 200.200.200.101 and port 443
New TCP connection 1: 200.200.200.15(47647) <-> 200.200.200.101(443)
1 1 1418277963.7661 (0.0021) C>SV3.1(98) Handshake
    ClientHello
        Version 3.1
        random[32]=
            54 89 34 4b 5f 01 b2 f2 78 40 27 65 6e 21 b7 0b
            dc 7a 94 61 92 36 dc 23 ad 81 b4 a4 d0 31 da 1a
        resume [32]=
            c7 09 9b ad 17 b5 09 e7 78 c1 91 91 87 64 a9 42
            69 1b 87 60 ed 45 fd d2 39 97 41 6b 19 4d e8 c5
        cipher suites
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_RC4_128_SHA
        Unknown value 0xff
        compression methods
            unknown value
            NULL
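Added example, not part of either post: a small Python parser for ssldump output like the capture above, reporting which protocol version the monitor's ClientHello offers and whether a server with SSLv3 disabled would refuse it. The function names and the abbreviated sample are assumptions made for this illustration.

```python
import re

# SSL/TLS wire versions as ssldump prints them (major.minor).
VERSION_NAMES = {"3.0": "SSLv3", "3.1": "TLS 1.0", "3.2": "TLS 1.1", "3.3": "TLS 1.2"}

# Constructed sample: abbreviated from the ssldump output posted in the thread.
SAMPLE = """\
New TCP connection 1: 200.200.200.15(47647) <-> 200.200.200.101(443)
1 1 1418277963.7661 (0.0021) C>SV3.1(98) Handshake
ClientHello
Version 3.1
cipher suites
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_RC4_128_SHA
Unknown value 0xff
compression methods
NULL
"""

def parse_client_hello(text):
    """Return record version, ClientHello version and offered suites of the first ClientHello."""
    info = {"record_version": None, "hello_version": None, "suites": []}
    in_hello = in_suites = False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.search(r"C>SV(\d\.\d)\(\d+\)\s+Handshake", line)
        if m:  # record-layer version of the first client handshake record
            info["record_version"] = info["record_version"] or m.group(1)
        elif line == "ClientHello":
            in_hello = True
        elif in_hello and line.startswith("Version "):
            info["hello_version"] = line.split()[1]  # highest version the client offers
        elif in_hello and line == "cipher suites":
            in_suites = True
        elif in_suites and line == "compression methods":
            break
        elif in_suites and line:
            # "Unknown value 0xff" is code point 0x00ff, the renegotiation SCSV (RFC 5746).
            info["suites"].append(line)
    return info

def assess(info):
    """Summarise what a server with SSLv3 disabled will make of this ClientHello."""
    return {
        "offers": VERSION_NAMES.get(info["hello_version"], "unknown"),
        # A ClientHello whose version is 3.0 can negotiate nothing newer than SSLv3.
        "rejected_if_sslv3_disabled": info["hello_version"] == "3.0",
        "legacy_suites": [s for s in info["suites"] if "RC4" in s or "3DES" in s],
    }
```

Calling `assess(parse_client_hello(SAMPLE))` on the sample reports TLS 1.0, which matches the "version 3.1" observation in the reply.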