SSL - F5 sending TCP RST after handshake
We just renewed server's SSL certificate with 2048 bit but now F5 is sending TCP RST to the server after Handshake.
It's working when we switch back to the old certificate (1024 bit) without changing F5 config.
Here is the SSLdump:
1 1 0.0010 (0.0010) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
Unknown value 0x2f
Unknown value 0x35
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
compression methods
NULL
1 2 0.0024 (0.0013) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
50 ff 8c cf 7d cc 68 fe 70 b6 d3 15 6c 6e 7c da
f6 32 a3 45 48 53 69 e1 cc a4 f7 1e 68 9a 58 8c
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
Certificate
ServerHelloDone
1 0.0027 (0.0002) C>S TCP RST
I could connect to the server using "openssl s_client -cipher 'RC4-SHA' -connect".
The server is JBOSS. We're using BIG-IP 9.2.3.
Does anyone know why?
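A small parser for the ssldump trace in the post above, added here as an illustration and not part of the original thread: it reports the offered and selected cipher suites, the last handshake message seen, and which side sent the RST. The function name and the abridged sample are constructed; 0x2f and 0x35 are the IANA IDs of the two AES suites that this ssldump build prints as "Unknown value".

```python
import re
# IANA cipher-suite IDs that older ssldump builds cannot name.
SUITE_NAMES = {0x2f: "TLS_RSA_WITH_AES_128_CBC_SHA", 0x35: "TLS_RSA_WITH_AES_256_CBC_SHA"}
HANDSHAKE_MSGS = {"ClientHello", "ServerHello", "Certificate", "ServerHelloDone",
                  "ClientKeyExchange", "Finished"}
# Record header: "<conn> [<record>] <time> (<delta>) C>S <type>"
RECORD = re.compile(r"^\d+(?: \d+)? [\d.]+ \([\d.]+\) ([CS])>([CS]) (.+)$")

# Constructed sample: the trace from the post, abridged (version, session_id, compression omitted).
SAMPLE = """\
1 1 0.0010 (0.0010) C>S Handshake
ClientHello
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
Unknown value 0x2f
Unknown value 0x35
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
compression methods
1 2 0.0024 (0.0013) S>C Handshake
ServerHello
cipherSuite TLS_RSA_WITH_RC4_128_MD5
Certificate
ServerHelloDone
1 0.0027 (0.0002) C>S TCP RST
"""

def summarize(trace):
    """Hypothetical helper: condense ssldump text output into a dict."""
    out = {"offered": [], "chosen": None, "last_msg": None, "reset_by": None}
    in_offer = False
    for line in map(str.strip, trace.splitlines()):
        rec = RECORD.match(line)
        if rec:
            in_offer = False
            if rec.group(3) == "TCP RST":
                # "C" is the side that opened the connection (the BIG-IP in this thread).
                out["reset_by"] = "client" if rec.group(1) == "C" else "server"
        elif line in ("cipher suites", "compression methods"):
            in_offer = line == "cipher suites"
        elif in_offer:
            m = re.match(r"Unknown value (0x[0-9a-fA-F]+)$", line)
            out["offered"].append(SUITE_NAMES.get(int(m.group(1), 16), line) if m else line)
        elif line.startswith("cipherSuite "):
            out["chosen"] = line.split(None, 1)[1]
        elif line in HANDSHAKE_MSGS:
            out["last_msg"] = line
    return out
```

On the sample, the summary shows the client resetting immediately after ServerHelloDone, that is, after receiving the server's Certificate and before sending ClientKeyExchange.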
13 Replies
- sgnewbie_121449
Nimbostratus
Just FYI, we've tried using SHA1 hash but it's still not good.
I asked the app support to generate self-signed 1024 certificate and it's finally okay.
It seems like BIG-IP 9.2.3 doesn't support new certificate 2048 bit on the server side.
- What_Lies_Bene1
Cirrostratus
Not too surprising given v9's age I guess. Thanks for posting back, good to know.
- dryk_00
Nimbostratus
Did you maybe try changing the 'cipher' field from default to all when configuring the SSL profile? I had the same issue, and after that change the SSL handshake was successful.