* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

* Podcasts
* Social Channels
* Video Streaming

 

 

 

 

 

ABOUT DEVCENTRAL

DevCentral News Technical Forum Technical Articles Technical CrowdSRC Community Guidelines DevCentral EULA Get a Developer Lab License Become a DevCentral MVP

RESOURCES

Product Documentation White Papers Glossary Customer Stories Webinars Free Online Courses F5 Certification LearnF5 Training

SUPPORT

Manage Subscriptions Professional Services Professional Services Create a Service Request Software Downloads Support Portal

PARTNERS

Find a Reseller Partner Technology Alliances Become an F5 Partner Login to Partner Central

---

©2024 F5, Inc. All rights reserved.

Hi there,

Recently put TMOS version 12 into production and see following SSL handshake errors, none of which existed in version 10.2.3:

Nov 12 03:15:36 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 72.238.29.206:60819 -> x.x.x.x:443\nNov 12 03:15:55 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 96.241.137.52:50815 -> x.x.x.x:443\nNov 12 03:16:12 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 166.172.187.30:38119 -> x.x.x.x:443\nNov 12 03:16:32 dc1lbc2p warning tmm[11446]: 01260009:4: Connection error: hud_ssl_handler:1135: codec alert (20)\nNov 12 03:16:32 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP y.y.y.y:63127 -> z.z.z.z:443\nNov 12 03:18:53 dc1lbc2p warning tmm[11446]: 01260009:4: Connection error: ssl_hs_rxhello:7103: unsupported version (40)

Did ssldump and ssl debugs but can't figure it out. There are no low encryption ciphers being presented by clients. In fact I don't see any handshake errors in the packet captures. Its pretty baffling. Would be great if someone can throw some light. Techs at F5 haven't been able to figure it out either.

Thanks\nNaresh

Hi there,

Recently put TMOS version 12 into production and see following SSL handshake errors, none of which existed in version 10.2.3:

Nov 12 03:15:36 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 72.238.29.206:60819 -> x.x.x.x:443\nNov 12 03:15:55 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 96.241.137.52:50815 -> x.x.x.x:443\nNov 12 03:16:12 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP 166.172.187.30:38119 -> x.x.x.x:443\nNov 12 03:16:32 dc1lbc2p warning tmm[11446]: 01260009:4: Connection error: hud_ssl_handler:1135: codec alert (20)\nNov 12 03:16:32 dc1lbc2p info tmm[11446]: 01260013:6: SSL Handshake failed for TCP y.y.y.y:63127 -> z.z.z.z:443\nNov 12 03:18:53 dc1lbc2p warning tmm[11446]: 01260009:4: Connection error: ssl_hs_rxhello:7103: unsupported version (40)

Did ssldump and ssl debugs but can't figure it out. There are no low encryption ciphers being presented by clients. In fact I don't see any handshake errors in the packet captures. Its pretty baffling. Would be great if someone can throw some light. Techs at F5 haven't been able to figure it out either.

Thanks\nNaresh

The F5 Certification is excited to announce that all five of the NEW F5 Certified BIG-IP Administrator Certification (F5 CAB) exams are now live and available to schedule via the new Education Services Portal.

Have you checked this one out?

https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html?sr=49481718

Yes I have, this did not help. Sorry.

I think this issue is the following.

https://support.f5.com/kb/en-us/solutions/public/16000/100/sol16159.html

I recommend your bigip should be upgraded.

Upgraded to what? I am already running TMOS 12.0.

Naresh, it looks like you've been working in two threads: https://devcentral.f5.com/questions/ssl-handshake-errors

You indicated in the other thread that the server sends a reset AFTER the client sends an application data packet, and here you said that you don't see any handshake failures at all. That could indicate just a few things:

1. \n

   I know you're convinced that this is a client side issue, but you might actually see this pattern on the client side if the server side SSL was broken. Have you done SSL captures on the server side?

    

   \n
2. \n

   If both sides are handling SSL just fine, then the likely issue is inside the layer 7 communications. You may need to force an RSA key exchange and crack open the SSL traffic with ssldump and the -k option to see what that looks like.

    

   \n

Kevin,

Yes sorry. I got an email from Devcentral and the link in that landed me on the other thread that I didn't know existed and it had same title. Later I realized my mistake but anyway thanks for your response.

1. I have no serverside ssl enabled, ssl terminates at the F5.
2. I did ssldump with -k option with key but I can't see what is going on inside application_data, which I was hoping to see. Also tried -A but can't see any details.

Naresh

I meant SSL terminates at VIP (not fully awake yet I guess).

Okay, I guess I assumed from the other thread that you were doing SSL on the server side. So this actually makes things a bit easier. Let's try some additional tests:

1. \n

   Run an tcpdump, listening ONLY on the server side VLAN. Do you see ANY traffic going to the server when you test? If you do, do you see a reset coming from the server?

   \n
2. \n

   With the -k option you also need to:

   \n

   a. Provide the private key (the one you use in the client SSL profile)

   \n

   ssldump -k /path/to/private.key -AdNn -i [client-side VLAN] port 443 [and any additional filters]\n

   \n\n

   b. Force the client and BIG-IP to use an RSA key exchange. The simplest option here might be to just temporarily change the Cipher string in the client SSL profile to: !SSLv3:RSA+AES. This will allow ssldump to decrypt the traffic.

   \n
3. \n

   Run a client side capture like HTTPWatch or Fiddler and see if there's any HTTP traffic before it fails, and if so where it fails.

   \n

You actually have a few clients in this capture, so I'll strip out everything but the last one (569) and re-format for visibility:

New TCP connection 569: 70.198.140.97(7336) <-> x.x.x.x(443) \n569 1 0.1171 (0.1171) C>SV3.3(184) Handshake \n    ClientHello \n        Version 3.3 \n        random[32]= 56 4a c5 04 f4 09 eb... \n        cipher suites \n            TLS_EMPTY_RENEGOTIATION_INFO_SCSV \n            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 \n            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 \n            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA \n            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA \n            TLS_ECDHE_ECDSA_WITH_RC4_128_SHA \n            TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA \n            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 \n            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 \n            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA \n            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA \n            TLS_ECDHE_RSA_WITH_RC4_128_SHA \n            TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA \n            TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \n            TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \n            TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 \n            TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 \n            TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \n            TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \n            TLS_ECDH_ECDSA_WITH_RC4_128_SHA \n            TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA \n            TLS_ECDH_RSA_WITH_AES_128_CBC_SHA \n            TLS_ECDH_RSA_WITH_AES_256_CBC_SHA \n            TLS_ECDH_RSA_WITH_RC4_128_SHA \n            TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA \n            TLS_RSA_WITH_AES_256_CBC_SHA256 \n            TLS_RSA_WITH_AES_128_CBC_SHA256 \n            TLS_RSA_WITH_AES_128_CBC_SHA \n            TLS_RSA_WITH_RC4_128_SHA \n            TLS_RSA_WITH_RC4_128_MD5 \n            TLS_RSA_WITH_AES_256_CBC_SHA \n            TLS_RSA_WITH_3DES_EDE_CBC_SHA \n            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 \n            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \n            TLS_DHE_RSA_WITH_AES_128_CBC_SHA \n            TLS_DHE_RSA_WITH_AES_256_CBC_SHA \n            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA \n            compression methods \n                NULL \n

The client is issuing its request to start an SSL session. The ClientHello message contains the client's preferred protocol (Version 3.3 = TLSv1.2), a random number, and a list of supported cipher suites (in general order of preference)

569 2 0.1180 (0.0009) S>CV3.3(85) Handshake \nServerHello \n        Version 3.3 \n        random[32]= 6c 0f a3 fc 6e d1 8a... \n        session_id[32]= e8 27 5b f0 9c 4a...\n        cipherSuite \n            TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 \n            compressionMethod \n                NULL \n

The server responds with a ServerHello that contains the selected protocol (Version 3.3), its own random number, and the selected cipher from the client's list (TLS_DHE_RSA_WITH_AES_256_CBC_SHA256)

569 3 0.1180 (0.0000) S>CV3.3(2488) Handshake \n    Certificate \n        Subject \n            C=US \n            ST=California L=Mountain View \n            O=abc, Inc. \n            OU=Network Operations \n            CN=*.abc.net Issuer \n            C=US O=thawte, Inc. \n            CN=thawte SHA256 SSL CA \n        Serial      49 a1 db 0d 32 5e a5 16 dd 0b 5c 71 eb ec f3 6a \n        Extensions \n            Extension: \n                X509v3 Subject Alternative Name Extension: \n                X509v3 Basic Constraints Extension: \n                X509v3 Certificate Policies Extension: \n                X509v3 Key Usage Critical Extension: \n                X509v3 Authority Key Identifier Extension: \n                X509v3 CRL Distribution Points Extension: \n                X509v3 Extended Key Usage Extension: \n                Authority Information Access \n        Subject \n            C=US O=thawte, Inc. \n            CN=thawte SHA256 SSL CA \n        Issuer \n            C=US O=thawte, Inc. \n            OU=Certification Services Division \n            OU=(c) 2008 thawte, Inc. - For authorized use only \n            CN=thawte Primary Root CA - G3 \n        Serial      36 34 9e 18 c9 9c 26 69 b6 56 2e 6c e5 ad 71 32 \n        Extensions \n            Extension: \n                Authority Information Access Extension: \n                X509v3 Basic Constraints Critical Extension: \n                X509v3 Certificate Policies Extension: \n                X509v3 CRL Distribution Points Extension: \n                X509v3 Key Usage Critical Extension: \n                X509v3 Subject Alternative Name Extension: \n                X509v3 Subject Key Identifier Extension: \n                X509v3 Authority Key Identifier \n

The server immediately sends a Certificate message that should contain its own certificate and optionally any immediate issuing CAs.

569 4 0.1180 (0.0000) S>CV3.3(527) Handshake \n    ServerKeyExchange \n        params \n            DH_p[128]= b9 77 c2 e3 f9 1d 78 15...\n            DH_g[1]= 02 \n            DH_Ys[128]= 58 5d 21 35 30 dc 7f 35... \n

The server follows the Certificate message with a ServerKeyExchange message, which generally only occurs when a Diffie-Hellman cipher is selected. Here the server is sending its DH parameters.

569 5 0.1180 (0.0000) S>CV3.3(4) Handshake \n    ServerHelloDone\n

The server then indicates it's done with a ServerHelloDone message.

569 0.6487 (0.5306) C>S TCP FIN \n569 0.6487 (0.0000) S>C TCP FIN \n

What should be next is the client's ClientKeyExchange message, which for Diffie-Hellman is the client's DH parameters (or for RSA the encrypted pre-master secret). As the client is sending a FIN at this point, the most likely cause is that the client doesn't like something about the server's response. We can pretty much rule out cipher selection and protocol, as those were selected from the client's list. You may have scrubbed the data a little too much here, but one interesting thing I noticed is that the server's certificate chain starts with a CA (CN=thawte SHA256 SSL CA). Is that correct? At this point in the SSL handshake the client is going to attempt to validate the server's certificate. If the client cannot establish a trust chain with the server's certificate, or the server's certificate is otherwise invalid, the client agent may either prompt the user with an \"untrusted certificate\" warning, or in some circumstances just fail completely. My guess here, assuming the capture is mostly intact, is that the client is failing the SSL handshake because of the certificates presented. If you test access to the BIG-IP VIP with cURL,

curl -k https://x.x.x.x\n

(the -k tells cURL to ignore certificate trust issues) do you get any further?

Kevin,

Thanks for looking at it, sorry for the bad formatting. Yes \"thawte SHA256 SSL CA\" is fine. The clientssl profile that I use here is used in 100s of more VIPs and have no problem with certificate chain. I have tried to use the one with a bad chain and I get a different error - something to the effect \"unknown_ca\" in packet capture, which I am not seeing here. Since Handshake failed, no application_data started. I am still at a loss to understand why this (and others I sent) failed. One of them only has one line where client makes a new connection to server and fails right after, making no sense of what happened.

Naresh