Forum Discussion
NimbostratusSSL Handshake errors - no additional information in ltm log - v13.1.3.5
Hi. I need to troubleshoot some SSL Handshake errors and I understood that additional logging should already be available in the LTM log but it is not on my v13.1.3.5 LTM-VE. I have tried changing the log.ssl.level value to Debug but it has no effect. I want to understand what cipher the external client is sending in with as our ciphers for this SSL Profile:Client is set to DEFAULT
Please can anyone advise?
Hi Salmander,
Can you try this iRule?
when HTTP_REQUEST { log local0. "Cipher=[SSL::cipher name] - Version=[SSL::cipher version] - Bits=[SSL::cipher bits]" }
SalmanderThanks for the reply. That works well for traffic which is successfully processed by the F5 but does not appear to work for traffic that is reported by the "SSL Handshake failed for TCP" issue.
I have added Source IP Address=[IP::client_addr]:[TCP::client_port] to your iRule so the source IP address and source port is reported in the log, but the iRule does not appear to be run for the traffic that has the SSL Handshake error by verifying the source IP address/port details
- Lidev
Nacreous
Hi Salmander,
You can use SSLDump to troubleshoot your SSL Handshake issue.
- https://support.f5.com/csp/article/K10209
- https://support.f5.com/csp/article/K15292
Regards
