Open SSL error on ltm logs since v11 upgrade
We had the same problem at my office and it turns out that it was a Cipher issue with the HTTPS monitor. As part of web server hardening, everything but TLS1.2 was disabled on the web servers. The HTTPS monitor did have "DEFAULT:+SHA:+3DES:+kEDH" in the ciphers list and the 'DEFAULT' group does also include TLSv1.2 cipher suites but somehow this was causing problems.
I changed the cipher list to TLSv1_2+AES and this immediately fixed the problem, though it did create other problems, as I had a pool where some servers were hardened while others weren't. Adding this cipher suite caused the pool members pointing to the unhardened servers to go down.
In the end I couldn't find a compromise so I just put it to "tcp". Not the best solution but I need to get the server and application guys to fix it on the servers.