Forum Discussion

newf5learner_13's avatar
newf5learner_13
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

SSL Bridging failing for one of the applications

Hi Experts,   I have enable SSL bridging for an application. The backend server is listening on 8443(https) and VIP on https with SNAT auto-map, however its failing when I try to access the VIP. ...
application delivery
LTM
TMSH
  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Apr 13, 2017

    You have 2 options when changing the ciphers on the server to avoid this issue.

    1) Disable DHE and use ECDHE or RSA instead in custom serverssl profile(F5). or 2) Configure the server to support a stronger key length for DHE.

    After that user 

    custom serverssl
    profile on VIP. issue will solved.

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent

Are you using any certificate at back-end? Is it same version of F5? Please take the TCPdump & chrome developer tool to see packet

 

newf5learner's avatar
newf5learner
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

Yes. However its not listing me anything when I looked in the SSLDUMP. Can you let me know if I'm following what you are suggesting me to do. 

1 2  0.0079 (0.0074)  S>C  Handshake
      ServerHello
        Version 3.1 
        session_id[32]=
          8a 4a 8f 1e 11 f0 e3 e9 45 d4 e2 6b e6 a5 2a b7 

        **cipherSuite         Unknown value 0xc014**
        compressionMethod                   NULL