Forum Discussion
Vikky_193911
Altostratus
AltostratusPleasing the client with CIPHER?
Dear DevCentral people,
Can't find the proper CIPHER for clients connecting via TLS1.1 and TLS1.0 to prevent numerous handshake_failure on VS:443. I can't control clients, they are plain web browse...
Vikky_193911Altostratus
AltostratusEnabling SSL debug show only SSL Handshake failure, without more details:
Nov 11 09:11:06 ltmmaster warning tmm1[19860]: 01260013:4: SSL Handshake failed for TCP CLIENT_4:58778 -> LB_VS:443
Also, below is ssldump with -A flag revealing 559 2 0.0477 (0.0000) S>CV3.1(2) Alert:
New TCP connection 559: CLIENT_4(42790) <-> LB_VS(443)
559 1 0.0477 (0.0477) C>SV3.1(158) Handshake
ClientHello
Version 3.1
random[32]=
a5 c2 b9 48 d0 91 af 1b d2 f9 2e 84 6a 74 fb 0b
73 12 72 14 81 75 75 ad 63 7b 72 1c c1 37 cd 0d
cipher suites
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_FALLBACK_SCSV
compression methods
NULL
extensions
renegotiation_info
server_name
extended_master_secret
SessionTicket
status_request
Unknown extension (0x3374)
signed_certificate_timestamp
application_layer_protocol_negotiation
Unknown extension (0x7550)
ec_point_formats
supported_groups
559 2 0.0477 (0.0000) S>CV3.1(2) Alert
level fatal
value handshake_failure
559 0.0477 (0.0000) S>C TCP FIN
559 0.0480 (0.0003) C>S TCP RST
