Forum Discussion
newf5learner_13
Nimbostratus
NimbostratusSSL Bridging failing for one of the applications
Hi Experts,
I have enable SSL bridging for an application. The backend server is listening on 8443(https) and VIP on https with SNAT auto-map, however its failing when I try to access the VIP. ...
You have 2 options when changing the ciphers on the server to avoid this issue.
1) Disable DHE and use ECDHE or RSA instead in custom serverssl profile(F5). or 2) Configure the server to support a stronger key length for DHE.
After that user
profile on VIP. issue will solved.custom serverssl
Samir_Jha_52506
Noctilucent
NoctilucentAre you using any certificate at back-end? Is it same version of F5? Please take the TCPdump & chrome developer tool to see packet
newf5learnerhi..
Its the same version of F5s. on the non-working F5, I have changed the server-ssl profile on use 'serverssl-insecure-compatible' and it started working. But I don't want to use it with this weak server-ssl profile, I would like to use some cipher suites with minimum strength.
Can you let me know how to identify the cipher suites the support support and hardcore them on a specific server-ssl profile - I can hardware. But I need help in identifying the cipher suites that server support in this.
thanks.
- Samir_Jha_52506
Looks like your server is using ssl certificate with weak cipher. Take the packet capture & modify server cipher setting.
- newf5learner
Yes. However its not listing me anything when I looked in the SSLDUMP. Can you let me know if I'm following what you are suggesting me to do.
1 2 0.0079 (0.0074) S>C Handshake ServerHello Version 3.1 session_id[32]= 8a 4a 8f 1e 11 f0 e3 e9 45 d4 e2 6b e6 a5 2a b7 **cipherSuite Unknown value 0xc014** compressionMethod NULL