For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

tdsacilowski_17's avatar
tdsacilowski_17
Icon for Nimbostratus rankNimbostratus
Dec 10, 2014

HTTPS Monitor fails after disabling SSLv3 on Tomcat 7 (APR connector)

I'm currently in the process of upgrading my Tomcat servers to Tomcat 7 using the APR connector with SSLv3 disabled. Here is my connector: Everything seems to be working properly... e.g. going to ...
application delivery
LTM
tdsacilowski_17's avatar
tdsacilowski_17
Icon for Nimbostratus rankNimbostratus
Dec 11, 2014

Seems to be an issue with the Tomcat APR connector. I switched to NIO and added the following in my connector config:

sslProtocol="TLS" sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"

Once I made this change the monitor kicked in immediately. Specifically, it seems that the issue is with the SSLv2Hello handshake. When I removed it from my config the monitor stopped working. This tells me the monitor is relying on the SSLvHello handshake. Is there any way to force the monitor to use TLSv1 instead? I tried specifying that in the cipher list but it didn't seem to help.