Forum Discussion
Ahmad_Mohaidat_
Nimbostratus
Apr 20, 2014LTM SSL Offloading
Dears,
I have an application server that uses http port 80 , this server is installed behind an F5 LTM and IPS
we are now requested to encrypt the traffic going to the server using SSL offloading , ...
Kevin_Stewart
Employee
Apr 21, 2014If I may add, your capture is basically 6 different attempts to start an SSL handshake, starting with TLS1.2 and moving to TLS1.0. The odd thing is that the client's CLIENTHELLO message is met with an immediate failure by the server. This would usually indicate some egregious disparity between the client and server's capabilities. So quick questions then:
- Are you doing anything specific in the client SSL profile?
- Specific cipher selection?
- Any non-default settings?
- If you have made changes, what happens if you use a basic unmodified client SSL profile (except for the server cert and key)?
And in case there's something missing from the logs, do you see any server side traffic with a tcpdump?
tcpdump -lnni 0.0 port 80 and host y.y.y.y
where y.y.y.y is the IP address of the web server.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects