Forum Discussion
SSL decryption/re-encryption w/iRule feeding into HTTPS load balance
- Nov 01, 2017
I was able to get the service working after discovering the issue using tcpdump to capture the full flow of traffic.
What I found was the client side SSL profile was working correctly, the LTM was intercepting the traffic and was decrypting the flow, and was using TLS 1.2. However when the LTM’s server side profile negotiated SSL with the server it was somehow settling on TLV 1.0, which the server rejected. I changed the cipher list in the SSL server profile to only use TLS 1.2 and everything worked.
I was able to get the service working after discovering the issue using tcpdump to capture the full flow of traffic.
What I found was the client side SSL profile was working correctly, the LTM was intercepting the traffic and was decrypting the flow, and was using TLS 1.2. However when the LTM’s server side profile negotiated SSL with the server it was somehow settling on TLV 1.0, which the server rejected. I changed the cipher list in the SSL server profile to only use TLS 1.2 and everything worked.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com