Forum Discussion

MadMick's avatar
MadMick
Icon for Nimbostratus rankNimbostratus
Apr 26, 2022

Proxy Handhsake failure

Hi all, sorry, I'm not an expert using F5 but I got a question for you. I'm using an iRule Proxy configured on a BIG-IP 13.1.1. Suddenly...and I don't know why, this proxy is still working but a...
event
security
PSFletchTheTek's avatar
PSFletchTheTek
Icon for MVP rankMVP
Apr 26, 2022

it looks like its a failure in the handshake. SSLv3 is quite old this wouldn't be the web server or client using this has been updated to not use SSL but upto TLS1.2 or TLS1.3??

Other than that, i'm stuck to!

  • MadMick's avatar
    MadMick
    Icon for Nimbostratus rankNimbostratus
    Apr 26, 2022

    Thank you mate.

    Yes, it is possible but...I cannot reconfigure my antivirus agent.
    The only solution for me is let to disable SSL inspection or https decryption or allow the agent to use SSLv3.

    Do you know how to do it?

    • PSFletchTheTek's avatar
      PSFletchTheTek
      Icon for MVP rankMVP
      Apr 26, 2022

      It's not McAfee is it??? I recongise the Port number! (but others may use it as well - just a guess!)
      So where is this flow error coming from? AV to Virtual server? Or f5 to pool member?
      Where is 192.168.201.37:8081?? I'm guessing this is a f5 to pool member flow?

      So to remove the encryption you just need to remove the client and server SSL profiles from the virtual server.
      But there must be a way to check this, maybe even take a pcap of the flow and have a better look,
      Possible f5 support could look at the config and that pcap for you with more understanding of what those errors mean.

      • MadMick's avatar
        MadMick
        Icon for Nimbostratus rankNimbostratus
        Apr 27, 2022

        This is the Virtual server configuration: everything seems to be disabled.