Forum Discussion
Vikky_193911
Altostratus
AltostratusPleasing the client with CIPHER?
Dear DevCentral people,
Can't find the proper CIPHER for clients connecting via TLS1.1 and TLS1.0 to prevent numerous handshake_failure on VS:443. I can't control clients, they are plain web browsers.
VS is configured with DEFAULT Cipher (latest v13.1).
ssldump shows following cases for TLS v1.1 and then TLS v1.0:
New TCP connection 145: CLIENT_1(59237) <-> LB_VS(443)
145 1 0.0451 (0.0451) C>S Handshake
ClientHello
Version 3.2
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0x5600
compression methods
NULL
145 2 0.0451 (0.0000) S>C Alert
level fatal
value handshake_failure
145 0.0451 (0.0000) S>C TCP FIN
145 0.0913 (0.0462) C>S TCP FIN
New TCP connection 48: CLIENT_2(52795) <-> LB_VS(443)
48 1 0.0512 (0.0512) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
Unknown value 0x5600
compression methods
NULL
48 2 0.0512 (0.0000) S>C Alert
level fatal
value handshake_failure
48 0.0512 (0.0000) S>C TCP FIN
48 0.1029 (0.0516) C>S TCP FIN
Is there any help with this?
While here -- how BIG-IP counts these under client-ssl statistics; as Handshake Failures or Fatal Alerts?
Thank you!
Vikky_193911Let me just add that LB_VS does support "offered ciphers from the client". Here is what LB_VS:443 supports:
PORT STATE SERVICE VERSION 443/tcp open ssl/http-proxy F5 BIG-IP load balancer http proxy |_http-server-header: BigIP | ssl-enum-ciphers: | TLSv1.0: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | compressors: | NULL | cipher preference: server | warnings: | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.1: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | compressors: | NULL | cipher preference: server | warnings: | Key exchange (dh 1024) of lower strength than certificate key | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A | TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A | TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A | compressors: | NULL | cipher preference: server | warnings: | Key exchange (dh 1024) of lower strength than certificate key |_ least strength: A Service Info: Device: load balancer- Vikky_193911
Below is ssldump from BIG-IP; client offers TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and there is the very same Cipher in DEFAULT and yet it is handshake_failure all the way.
New TCP connection 559: CLIENT_3(42790) <-> LB_VS(443) 559 1 0.0477 (0.0477) C>S Handshake ClientHello Version 3.1 cipher suites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_FALLBACK_SCSV compression methods NULL extensions renegotiation_info server_name extended_master_secret SessionTicket status_request Unknown extension (0x3374) signed_certificate_timestamp application_layer_protocol_negotiation Unknown extension (0x7550) ec_point_formats supported_groups 559 2 0.0477 (0.0000) S>C Alert level fatal value handshake_failure 559 0.0477 (0.0000) S>C TCP FIN 559 0.0480 (0.0003) C>S TCP RSTtmm --serverciphers 'DEFAULT' | grep ECDHE-ECDSA-AES256-SHA 34: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1 Native AES SHA ECDHE_ECDSA 35: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.1 Native AES SHA ECDHE_ECDSA 36: 49162 ECDHE-ECDSA-AES256-SHA 256 TLS1.2 Native AES SHA ECDHE_ECDSA 37: 49188 ECDHE-ECDSA-AES256-SHA384 256 TLS1.2 Native AES SHA384 ECDHE_ECDSA - Vikky_193911
Enabling SSL debug show only SSL Handshake failure, without more details:
Nov 11 09:11:06 ltmmaster warning tmm1[19860]: 01260013:4: SSL Handshake failed for TCP CLIENT_4:58778 -> LB_VS:443Also, below is ssldump with -A flag revealing 559 2 0.0477 (0.0000) S>CV3.1(2) Alert:
New TCP connection 559: CLIENT_4(42790) <-> LB_VS(443) 559 1 0.0477 (0.0477) C>SV3.1(158) Handshake ClientHello Version 3.1 random[32]= a5 c2 b9 48 d0 91 af 1b d2 f9 2e 84 6a 74 fb 0b 73 12 72 14 81 75 75 ad 63 7b 72 1c c1 37 cd 0d cipher suites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_FALLBACK_SCSV compression methods NULL extensions renegotiation_info server_name extended_master_secret SessionTicket status_request Unknown extension (0x3374) signed_certificate_timestamp application_layer_protocol_negotiation Unknown extension (0x7550) ec_point_formats supported_groups 559 2 0.0477 (0.0000) S>CV3.1(2) Alert level fatal value handshake_failure 559 0.0477 (0.0000) S>C TCP FIN 559 0.0480 (0.0003) C>S TCP RST 
youssef1Cumulonimbus
Hi Vikky,
Did you try to set momentarily your client-ssl to insecure, just to check which cipher will be selected?
Regards