Forum Discussion
NimbostratusSSL Handshake failed
Hello, I have a problem with lot of logs with warning level:
warning F5 01260013 SSL Handshake failed for TCP
This logs bellow are not so often as above log:
warning f5 01260009 Connection error: ssl_hs_rxhello:10025: unsupported version (40)
warning f5 01260009 Connection error: ssl_select_suite:9300: TLS_FALLBACK_SCSV with a lower protocol (86)
I have already tried debug level on SSL, but only logs which I can see are from warning level. It looks clients do not have any issues. I have more than 2000 connections.
I know there are lot of threads about this issue, but no one of them hepled me.
Thank you
- Kai_Wilke
MVP
Hi F5Beginner,
if your Virtual Server is faced in the internet, those logs are pretty much normal. Lots of crawlers/bots are running around and trying some silly stuff...
warning f5 01260009 Connection error: ssl_hs_rxhello:10025: unsupported version (40)
Someone has tried to establish a TLS/SSL session with your box, but did not support your allowed TLS versions.
warning f5 01260009 Connection error: ssl_select_suite:9300: TLS_FALLBACK_SCSV with a lower protocol (86)
Most likely a automated test to see if you handle TLS_FALLBACK_SCSV correctly (aka. Poodle attacks).
Cheers, Kai
MohanAltostratus
i too see this warning "SSL Handshake failed for TCP" in 13.x but dont see any impact as i see the connections successful establishing from same clients for which this warning is coming, it seems like 13.x logging more messages but no concrete clue so far!
