For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

otsokume's avatar
otsokume
Icon for Nimbostratus rankNimbostratus
Apr 29, 2019

LTM SSL reset after clienthelo

Hello.   I have a very strange problems (or it seems to me) when i want to try load balance some appliances with https access. When i try to do an access i receive a reset from the server. When i ...
application delivery
LTM
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 29, 2019

otsokume,

You should expect a ServerHello message after a ClientHello - the fact that you're getting a reset suggests that the cipher suites being offered by the client are not applicable on the F5 via the Client SSL Profile. I assume you've configured a Client SSL Profile and assigned this to the Virtual Server? What is the cipher string configuration on the Client SSL Profile?

You can check what ciphers are supported based on the cipher string in your profile. If you go to the CLI and run this: 

tmm --clientciphers 'DEFAULT
' this should output all the ciphers (should you be using the DEFAULT cipher string of course. If you've amended this then amend the command aswell.

Your clienthello suggests these two cipher suites are supported only "ECDHE_RSA_WITH_AES_256_GCM_SHA384" and "ECDHE_RSA_WITH_AES_128_GCM_SHA256" - so you need to verify your SSL profile.

Also see these links for further help: SSL Profiles Part 4 and Troubleshooting SSL/TLS

Hope this helps,

N