Forum Discussion

Altocumulus

Dec 01, 2020

protect cloudfront service whit asm VE AWS

Hello, I am trying to protect a web application that is hosted in aws, but it turns out that before directing the traffic to the backend servers first for a cdn, (cloudfront), the F5 is in front of t...

Employee

Dec 01, 2020

Well, it looks like the ServerHello from the Cloudfront server does not meet the server-ssl profile requirements, and the BigIP terminates the connection. You have to figure out what works, and make sure that the server-ssl profile matches.

Look at the incoming client-side ClientHello. The outgoing server-side ClientHello needs to match as closely as possible. Check for a Server-Name Indication extension on the server-side. Check the supported TLS protocols and ciphers.

Craft a specific server-ssl profile to ensure that as closely as possible, the ClientHello requests match.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

protect cloudfront service whit asm VE AWS

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

ASM/AWAF declarative policy

Managing iRules configuration

Changes to DO and AS3 GitHub - no longer monitored

Help with SSH Virtual Server

GRE Tunnel Issue

Related Content

F5 Distributed Cloud Bot Defense Protecting AWS CloudFront Distributions

F5 Essential App Protect and AWS CloudFront - Better Together.

Protect Your Adobe Commerce Site with F5 Distributed Cloud Services

Embedding APM Protected Resources into Third-Party Sites

Demonstration of Device DoS and Per-Service DoS protection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS