Forum Discussion
SSL Handshake errors
We are facing intermittent issues in our Exchange connectivity thats loadbalanced in F5 boxes (LTM version is 11.3.0 HF6 ). On observing the LTM logs, I noticed many instances of SSL handshake failures. Will these errors have any impact of the connectivity? Any idea how to resolve these errors.
01060111:3: Open SSL error - error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol. 01060111:3: Open SSL error - error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure. 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure. 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
01260013:6: SSL Handshake failed for TCP from x.x.x.x:62373 to y.y.y.y:443 01260013:6: SSL Handshake failed for TCP from x.x.x.x:45849 to y.y.y.y:443
- Kiozs_131042Altocumulus
It's not necessary to be cipher issues, need a tcpdump captures on client and LTM to look into it.
- What_Lies_Bene1Cirrostratus
I don't believe so. However, it's clear you are using an SSL cipher string and negotiating a 'compat' cipher. For full SSL hardware acceleration you need to be using a native cipher. Making the move will no doubt also stop these errors being logged.
Making the transition shouldn't be too hard. See here for some more information: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html and also here: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com