Forum Discussion
CirrusRST after client hello
CirrusThanks for your reply. I added SNI and still got the same response. I tried to force it to use TLS1.2 as well but it did not resolve my issue.
Could you share you monitor settings and a packet capture?
Have tried the same request with a curl from F5?
- nurairtt91
Yes, I tried with the Curl command as well. It was reporting "unknown SSL protocol error". I tried to initiate the connection using the openssl command and tried to force it with different TLS versions (1.0, 1.1, and 1.2) and sent SNI, but still no luck.
SSL handshake only fails for the custom port, but when I initiate using 443, it works fine from F5 (Curl, openssl, and health check).
[Active:Changes Pending] log # openssl s_client -connect x.x.x.x:custom_port -servername example.com
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 276 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
Start Time: 1753690172
Timeout : 300 (sec)
Verify return code: 0 (ok)
SravsAltocumulus
Hi nurairtt91
The most likely cause is that the backend server is not running SSL/TLS on the custom port. Can you try from F5: curl https://x.x.x.x:custom_port
Is that connecting and providing successful response ?- nurairtt91
Backend server is connecting on custom port when we tried from the browser (which confirms TLS enabled on custom port), but curl from F5 not getting expected response.
