Forum Discussion

newf5learner_13's avatar
newf5learner_13
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

SSL Bridging failing for one of the applications

Hi Experts,   I have enable SSL bridging for an application. The backend server is listening on 8443(https) and VIP on https with SNAT auto-map, however its failing when I try to access the VIP. ...
application delivery
LTM
TMSH
  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Apr 13, 2017

    You have 2 options when changing the ciphers on the server to avoid this issue.

    1) Disable DHE and use ECDHE or RSA instead in custom serverssl profile(F5). or 2) Configure the server to support a stronger key length for DHE.

    After that user 

    custom serverssl
    profile on VIP. issue will solved.

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent

Are you using any certificate at back-end? Is it same version of F5? Please take the TCPdump & chrome developer tool to see packet

 

newf5learner's avatar
newf5learner
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

hi..

 

Its the same version of F5s. on the non-working F5, I have changed the server-ssl profile on use 'serverssl-insecure-compatible' and it started working. But I don't want to use it with this weak server-ssl profile, I would like to use some cipher suites with minimum strength.

 

Can you let me know how to identify the cipher suites the support support and hardcore them on a specific server-ssl profile - I can hardware. But I need help in identifying the cipher suites that server support in this.

 

thanks.