Forum Discussion
AltostratusServerside SSL fails
Server-SSL fails with "This page can't be displayed"
Product BIG-IP Version 11.5.4 Build 2.0.291 Edition Hotfix HF
In the attached capture, the F5 interface is 10.43.41.129. The server is 10.43.130.144. No TLS session is ever established. I don't even see an attempt. (I hope you can enlarge and read)
A Bad Request error is triggered and the F5 eventually disconnects. I attempted to change the cipher to ALL in case there was a problem but that did not help. Does something need to be done on the server/application side for this to work? I have limited command-line access to the F5. If there is something else I can do, please advise.
ltm profile server-ssl QA_serverside_SSL { app-service none ciphers ALL defaults-from serverssl }
ltm virtual preval.test.com_443 { destination 205.xx.xx.xx:https ip-protocol tcp mask 255.255.255.255 persist { cookie { default yes } } pool pool_preval profiles { Http_compression-compression_new { } QA_serverside_SSL { context serverside } http_XFoward { } preval.test.com { context clientside } tcp { } } rules { secure_httponly_cookie rule_preval_pool_redirect Remove_Unsafe_header } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled vs-index 54 }
2 Replies
Only1masterbla1Cirrus
The message says that client request for a resource was incorrect. This message is coming from the backend server, so no issue from ssl profile perspective. You may also check the network trace at the backend.
Daniel_VarelaEmployee
What is you pool configuration? It looks like you are sending the traffic to port 80 but you set in you virtual server a serverssl profile. This won’t work unless you accept ssl there.
Change the pool member configuration to point to port 443.
Regarding your backend server nothing is really required, it should work straight away. There may be some considerations but 90% of the times default is enough.
