For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OTS02's avatar
OTS02
Icon for Cirrus rankCirrus
Jul 23, 2015

monitor for adfs server (GTM)

I cannot create a https monitor for our adfs servers from the GTM. I have tried many different ciphers. Tried offering only the cipher used by my Firefox browser. Curl shows the TLS handshake soundly...
OTS02's avatar
OTS02
Icon for Cirrus rankCirrus
Jul 24, 2015

I set up a test pool on an LTM (11.6.0 HF4) that is on the same subnet. Here is the output:

[root@OTS_WEBLTM_B:Active:Changes Pending] config ssldump -AdNn -i 0.0 port 443 and host 10.189.0.8 New TCP connection 1: 10.xxx.0.44(37668) <-> 10.xxx.0.8(443)

1 1 0.0013 (0.0013) C>SV3.1(512) Handshake

  ClientHello

    Version 3.3

    random[32]=

      f6 04 14 2f 4d 00 c0 80 88 26 bc 3f 2b 5d e4 d0

      f0 0e 8e f3 f8 ad 8d 2f 38 43 82 15 68 ce 12 09

    cipher suites

    Unknown value 0xc030

    Unknown value 0xc02c

    Unknown value 0xc028

    Unknown value 0xc024

    Unknown value 0xc032

    Unknown value 0xc02e

    Unknown value 0xc02a

    Unknown value 0xc026

    Unknown value 0x9d

    TLS_RSA_WITH_AES_256_CBC_SHA256

    Unknown value 0xc02f

    Unknown value 0xc02b

    Unknown value 0xc027

    Unknown value 0xc023

    Unknown value 0xc031

    Unknown value 0xc02d

    Unknown value 0xc029

    Unknown value 0xc025

    Unknown value 0x9c

    TLS_RSA_WITH_AES_128_CBC_SHA256

    TLS_RSA_WITH_RC4_128_MD5

    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5

    TLS_RSA_EXPORT_WITH_RC4_40_MD5

    Unknown value 0xc014

    Unknown value 0xc00a

    Unknown value 0xc00f

    Unknown value 0xc005

    TLS_RSA_WITH_AES_256_CBC_SHA

    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

    Unknown value 0xc013

    Unknown value 0xc009

    Unknown value 0xc00e

    Unknown value 0xc004

    TLS_RSA_WITH_AES_128_CBC_SHA

    Unknown value 0x96

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

    Unknown value 0xc011

    Unknown value 0xc007

    Unknown value 0xc00c

    Unknown value 0xc002

    TLS_RSA_WITH_RC4_128_SHA

    TLS_RSA_WITH_DES_CBC_SHA

    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

    Unknown value 0xc012

    Unknown value 0xc008

    Unknown value 0xc00d

    Unknown value 0xc003

    TLS_RSA_WITH_3DES_EDE_CBC_SHA

    Unknown value 0xa3

    Unknown value 0x9f

    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

    TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

    Unknown value 0xa2

    Unknown value 0x9e

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

    TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

    TLS_DHE_RSA_WITH_AES_256_CBC_SHA

    TLS_DHE_DSS_WITH_AES_256_CBC_SHA

    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA

    TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA

    TLS_DHE_RSA_WITH_AES_128_CBC_SHA

    TLS_DHE_DSS_WITH_AES_128_CBC_SHA

    Unknown value 0x9a

    Unknown value 0x99

    Unknown value 0x45

    Unknown value 0x44

    TLS_DHE_RSA_WITH_DES_CBC_SHA

    TLS_DHE_DSS_WITH_DES_CBC_SHA

    TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA

    TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA

    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

    TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

    Unknown value 0xff

    compression methods

              NULL

1 0.0015 (0.0002) S>C TCP RST