Forum Discussion
CirrostratusSSL cipher exchange error
Hi we are encountering issue with SSL.
When we used the default client/server SSL the web is working, but when we used the certificate of client it is not.
Here are the cipher that the server is using: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
7 Replies
NathWe are running version 12.1.2 bigip
JGCumulonimbus
What was the error you were getting?
jaikumar_f5Noctilucent
You should narrow down you troubleshooting to Clientside connection or Serverside connection. Take a SSL Dump and see where the handshake is failing.
If the handshake is failing on clientside, try comparing the default clientssl profile and the custom clientssl profile, it could be the certificate or the ciphers.
If the handshake is complete till clientside and then server side is failing, you can be sure that it has to do with server ssl profile.
- Nath
Hi All. Seems that the error is on the clientside SSL. Ive tried using clientssl-incompatible and serverSSL using actual cert and it is working. But of course insecure on the browser.
Any idea?
- Nath
Hi All this is resolved. I've figured out that Mode option was uncheck and that is the reason I am getting an error. After checking this option we can now access the website. :)
- jaikumar_f5
You may want to close this thread then. Glad its fixed.
- Nath
Close case!
