Forum Discussion
RSA Self Service iRule no longer works
F5 support really rocked this.
It turns out, after looking at the packet capture, that the server was receiving an "invalid parameter" in SSL negotiation.
We were using the "default" serverssl profile, which also uses the default ciphers. After connecting to the server using openssl we could see that the cipher was using RC4-SHA. If you use the "tmm --serverciphers 'DEFAULT'" command on the F5 you can see what ciphers are in the "default". And with 11.6 they removed RC4-SHA. To fix it, temporarily, I just added :RC4-SHA to the cipher list so it now looks like:
DEFAULT:RC4-SHA
and it works. I think a more permanent fix is to update SSL on the server itself. But this fixed it.
- shaggyFeb 10, 2015Nimbostratusnice find - SSL cipher suites often change between F5 releases. i highly recommend not altering the F5 default profiles - create your own based on the F5 default and make your tweaks there. changing defaults can cause migration/upgrade/support headaches
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com