Forum Discussion

Nimbostratus

Feb 18, 2015

SSL Error when requests come from proxy

Hello, I have a problem with some Virtual Servers on LTM. I use SSLClient Profiles so the dialog between F5 and server is uncrypted. All the parameters are the default ones. This configura...

Merry95_171142

Nimbostratus

Feb 18, 2015

Actually, I have no error log in /var/log/ltm, and the errors the client is sending us are :

a java error

16/02 16:19:16 [ERROR] ue.GestionPreconisationFacadeMetier - log exception CEC, error message: ; nested exception is: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure '

a Proxy error (Bluecoat)

Feb 17 11:26:51 STIB0515 2015-02-17 10:26:39 15 - 172.30.201.132 172.30.201.139 - - - PROXIED "none" - 200 TCP_ACCELERATED CONNECT - tcp wscontrat.rmoa.xxx.fr 8096 / - - "Mozilla/5.0 (Windows NT 5.1; rv:35.0) Gecko/20100101 Firefox/35.0" 172.30.201.139 39 268 0 - "unavailable" "unavailable" - - identity - - 172.30.201.139 - tcp://wscontrat.rmoa.xxx.fr:8096/ Feb 17 11:26:51 STIB0515 2015-02-17 10:26:39 25 - 172.30.201.132 172.30.101.132 - - - PROXIED "none" - 0 FAILED unknown - ssl wscontrat.rmoa.xxx.fr 8096 / - - - 172.30.201.139 0 0 0 - "unavailable" "unavailable" - - - - - 172.30.101.132 - ssl://wscontrat.rmoa.xxx.fr:8096/

I have also a pcap that shows a client Hello, and then a Handshake Failure (Level: Fatal, Description: Handshake Failure) in SSLv3

Brad_Parker
Cirrus
Feb 18, 2015
It sounds like your proxy and you client ssl profile don't have an overlap in you configured SSL ciphers list. What's you BigIP version, client ssl profile ciphers list, and the list/ssl version in the client Hello?