Forum Discussion

PeterKoine_1630's avatar
PeterKoine_1630
Icon for Nimbostratus rankNimbostratus
Jan 22, 2015

Issue changing TLS version in HTTPS monitor

Hello everyone,   I am having troubles to change the cipher suite on a custom https monitor. Our client has turned off TLS v1.0 on their servers but each time I change the cipher option from DEFAU...
application delivery
availability
deployment
design
LTM
management
  • SynACk_128568's avatar
    SynACk_128568
    Jan 22, 2015

    Hi Peter ,

     

    https monitor uses openssl library and openssl flags sslv3 and tls1.0 same . So when you use DEFAULT:!SSLv3:!TLSv1 there are no ciphers left to negotiate .

     

    have you tried

     

    tmsh modify ltm monitor https monitor_name cipherlist TLSv1 or someother version .

     

    you can see openssl ciphers by using this command :

     

    openssl -v DEFAULT or some other setting in cipherlist in monitor https

     

SynACk_128568's avatar
SynACk_128568
Icon for Cirrostratus rankCirrostratus

Hi Peter,

 

It was like this :

 

1 1 0.0020 (0.0020) C>S SSLv2 compatible client hello

 

Version 3.1

 

cipher suites

 

cipher 1

 

cipher 2 . .

 

1 0.0032 (0.0000) S>C TCP FIN

 

1 0.0041 (0.0009) C>S TCP FIN

 

Thanks

 

SynACk_128568's avatar
SynACk_128568
Icon for Cirrostratus rankCirrostratus
Jan 29, 2015
thanks for your inputs Peter , will check and revert back if i find some solution