server side ssl - handshake error

Question

Using fastl4 - server works as expected.                                                         &nbsp;
Using standard 443- 8443 with no offload-server works as expected.                               &nbsp;
Using standard 443-8443 - with SSLoffload - fails on the serverside.                             &nbsp;
S&gt;C  HandshakeError: short handshake length: expected 27322 got 16380      &nbsp;
S&gt;C  HandshakeError: short handshake length: expected 394069 got 10942       
&nbsp;

rxbauer_80267 · Answer

Using fastl4 - server works as expected.                                                         &nbsp;
Using standard 443- 8443 with no offload-server works as expected.                               &nbsp;
Using standard 443-8443 - with SSLoffload - fails on the serverside.                               
&nbsp;

New TCP connection 3: 172.16.33.170(8503) &lt;-&gt; 172.16.61.240(8443)
3 1  0.0015 (0.0015)  C&gt;S  Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
extensions
supported_groups
ec_point_formats
signature_algorithms
extended_master_secret
3 2  0.0021 (0.0005)  S&gt;C  Handshake
ServerHello
Version 3.3
session_id[32]=
63 01 f6 ce 06 8f 44 aa 46 4b d7 45 d2 90 8f 36
4c 49 ad f9 81 32 b4 ba 85 f1 c5 df 2c 3f e5 7e
cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
compressionMethod                   NULL
extensions
renegotiation_info
ec_point_formats
3 3  0.0036 (0.0014)  S&gt;C  Handshake
Certificate
3 4  0.0036 (0.0000)  S&gt;C  Handshake
ServerKeyExchange
3 5  0.0049 (0.0013)  S&gt;C  HandshakeError: short handshake length: expected 27322 got 16380
3 6  0.0057 (0.0008)  S&gt;C  HandshakeError: short handshake length: expected 394069 got 10942
3 7  0.0066 (0.0008)  C&gt;S  Alert
level           fatal
value           handshake_failure
3    0.0067 (0.0001)  C&gt;S  TCP RST

m_2 · Answer

Did you try attaching both clientssl and serverssl (since 8443 looks like ssl port) profiles to the virtual ?
if still issue persist you may try checking server side ciphers.&nbsp;

ganesanpakkirisamy · Answer

i am also facing the same issue in our environment. can you please share how you fixed this issue, Thanks in advance.

Forum Discussion

server side ssl - handshake error

Recent Discussions

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

ports are showing open on online scanning tool

Related Content

SSL handshake Failures and Fatal Errors through MIB

SSL handshake errors

iRULE regsub error

iRule error

Server Side SSL Handshake Failures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS