For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ahmad_Mohaidat_'s avatar
Ahmad_Mohaidat_
Icon for Nimbostratus rankNimbostratus
Apr 21, 2014

LTM SSL Offloading

Dears, I have an application server that uses http port 80 , this server is installed behind an F5 LTM and IPS we are now requested to encrypt the traffic going to the server using SSL offloading , ...
application delivery
deployment
design
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Apr 21, 2014

If I may add, your capture is basically 6 different attempts to start an SSL handshake, starting with TLS1.2 and moving to TLS1.0. The odd thing is that the client's CLIENTHELLO message is met with an immediate failure by the server. This would usually indicate some egregious disparity between the client and server's capabilities. So quick questions then:

  1. Are you doing anything specific in the client SSL profile?
  2. Specific cipher selection?
  3. Any non-default settings?
  4. If you have made changes, what happens if you use a basic unmodified client SSL profile (except for the server cert and key)?

And in case there's something missing from the logs, do you see any server side traffic with a tcpdump?

tcpdump -lnni 0.0 port 80 and host y.y.y.y

where y.y.y.y is the IP address of the web server.