Forum Discussion
jfotopoulos_278
Nimbostratus
NimbostratusHTTPS/SSL failing on Windows clients
Hi,
we have recently purchased a BigIP VE (12.1) and are initially configuring it, but we are having a very strange problem where any browser from a mac or a linux client can successfully connect t...
I have finally found out the problem. It had nothing to do with the ssl part. The whole issue was with a kernel sysctl option, net.ipv4.tcp_tw_recycle. This should have been set to "0" instead of "1".
The strange thing about this that lead me to blame the ssl part was that problems only appeared with the backend system kernel version 4. One of our other backend servers is on kernel version 3.x.x and also had the same sysctl setting. We had no issues with this VS and the ssl certificate with the exact same setup. What is still troubling me is why did the problem only occur with windows clients and not with macosx or linux clients?
After we solved the problem, we also found this related article:
BIG-IP LTM and TMOS 11.5.4 where it is mentioned in the known issue section (542104). But, we have version 12.1.1, where in the 12.1.1 version of the same document page, BIG-IP LTM and TMOS 12.1.1 there was not any mention of it.
It would be interesting to understand why the issue only comes up with windows clients. Does anyone have any ideas?
Thanks
Lee_Sutcliffe
Nacreous
NacreousIt could be that the version of IE is using a cipher that is not supported by the cipher suite in the client-ssl profile.
Check what ciphers your browser can use here: https://www.ssllabs.com/ssltest/viewMyClient.html
Then compare the results with the output of the following in the CLI. This will display the ciphers supported in the cipher suite configured in the ssl profile. Change the string as required as you modify the ssl profile tmm --clientciphers 'DEFAULT:SSLv3'