Forum Discussion
SSL handshake errors
Okay, I guess I assumed from the other thread that you were doing SSL on the server side. So this actually makes things a bit easier. Let's try some additional tests:
-
Run an tcpdump, listening ONLY on the server side VLAN. Do you see ANY traffic going to the server when you test? If you do, do you see a reset coming from the server?
-
With the -k option you also need to:
a. Provide the private key (the one you use in the client SSL profile)
ssldump -k /path/to/private.key -AdNn -i [client-side VLAN] port 443 [and any additional filters]
b. Force the client and BIG-IP to use an RSA key exchange. The simplest option here might be to just temporarily change the Cipher string in the client SSL profile to: !SSLv3:RSA+AES. This will allow ssldump to decrypt the traffic.
-
Run a client side capture like HTTPWatch or Fiddler and see if there's any HTTP traffic before it fails, and if so where it fails.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com