Forum Discussion

Ret. Employee

May 03, 2018

Server Side SSL Handshake Failures

Customer currently can connect to SharePoint directly over 443. When putting the BIG-IP in the mix, users are getting page cannot be displayed. After running a TCPDump, 3 way handshake occurs, clie...

application delivery

LTM

Steve_Lyons

Ret. Employee

May 03, 2018

In order to determine which cipher suite and protocol was being used during a successful attempt to access the webpage by bypassing the BIG-IP, a capture was taken from the web server itself. This showed that TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 was the cipher suite used with TLS1.2. When looking at a TCPDump from the BIG-IP and then running a SSLDump against it, I see the client is sending a client hello using TLS1.1. My assumption was that negotiation would occur and they would establish a connection using 1.2 though we are not even getting to the point of negotiation because the server sends a RST immediately after the client hell. Will be testing ECDHE-RSA-AES256-GCM-SHA384:TLSv1_2 as the cipher string shortly to see the results.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Server Side SSL Handshake Failures

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

SSL handshake failure

SSL Handshake failure

LDAPS SSL Handshake failure..

That Other Single Point of Failure

Remote Backup and The Massive Failure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS