Forum Discussion
mikemich_131967
Nimbostratus
NimbostratusHTTPS Monitor not working but same monitor for HTTP does
I am running an HTTPS monitor below. When i apply the health check in HTTP it works fine but when I add it to HTTPS Monitor it doesn't work. I have used HTTPS monitors before and I am stuck on why ...
nitass
Employee
Employeeadditionally, you may try tcpdump/ssldump to see what is going on.
tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y and port zzz -v
x.x.x.x is non floating self ip on server vlan
y.y.y.y is server (pool member) ip
zzz is server (pool member) port number
sol10209: Overview of packet tracing with the ssldump utility
http://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html
Ellison_Zhang_2Nimbostratus
NimbostratusWhat version of TLS/SSL does F5 use(11.3). Here is my ssldump output. Seems Service directly send FIN to client after two tries to use SSL2.0 and SSL3.0.
would you help me to check what's wrong?
New TCP connection 1: xxx.xxx.xxx.xxx(44432) <-> xxx.xxx.xxx.xxx(8175)
1 1 0.0022 (0.0022) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_3DES
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x45
Unknown value 0x44
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL2_CK_RC2
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
SSL2_CK_RC4
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL2_CK_RC2_EXPORT40
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
Unknown value 0xff
1 0.0067 (0.0044) S>C TCP FIN
New TCP connection 2: xxx.xxx.xxx.xxx(44433) <-> xxx.xxx.xxx.xxx(8175)
2 1 0.0022 (0.0022) C>S Handshake
ClientHello
Version 3.0
cipher suites
SSL_DHE_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_DSS_WITH_AES_256_CBC_SHA
SSL_RSA_WITH_AES_256_CBC_SHA
SSL_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
SSL_RSA_WITH_CAMELLIA_256_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_AES_128_CBC_SHA
SSL_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_AES_128_CBC_SHA
Unknown value 0x45
Unknown value 0x44
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods
unknown value
NULL
2 0.0058 (0.0035) S>C TCP FIN
New TCP connection 3: xxx.xxx.xxx.xxx(44465) <-> xxx.xxx.xxx.xxx(8175)
Version 2 Client.
3 0.0049 (0.0049) S>C TCP FIN
3 0.0118 (0.0068) C>S TCP FIN
2 0.0355 (0.0297) C>S TCP FIN
1 0.0545 (0.0477) C>S TCP FIN
