Forum Discussion

Merry95_171142's avatar
Merry95_171142
Icon for Nimbostratus rankNimbostratus
Feb 18, 2015

SSL Error when requests come from proxy

Hello, I have a problem with some Virtual Servers on LTM.   I use SSLClient Profiles so the dialog between F5 and server is uncrypted. All the parameters are the default ones.   This configura...
Merry95_171142's avatar
Merry95_171142
Icon for Nimbostratus rankNimbostratus
Feb 19, 2015

I'm using the LTM 11.6.0. The SSL profiles are simple, with all default parameters and default ciphers, only the key and certificate from a pk12 file.

 

I could check on my captures and I can see :

 

1- a ssl Hanshake succedded when

 

-  The client sends a Client Hello in SSLv2
- in the cipher List there is TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039, that is the  choosen cipher 
- F5 answers in TSL 1.0 with the cipher above

2- a SSL Hanshake failed when

 

- the client sends a Client Hello in SSLv3
- in the cipher list, there TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x0039
- F5 answers in SSL v3 a fatal Handshake Failure (code 40)

So why is it rigth from a SSLv2 Client Hello but not from SSLv3 (with the same valid cipher presented)? why F5 can't switch to TLS when in response of SSLv3 request?