Forum Discussion

Altostratus

Aug 29, 2018

SSL handshake failure during SSO

Both our production and non-production service desk applications use SSO. User connects to application VIP, which redirects users to the SSO VIP on 443. The F5 configuration for these two ...

Employee

Aug 31, 2018

The second one is truncated with the "Length mismatch" error, but can I assume the second one works?

In any case, what you're seeing here is the server side rejecting the client right after the client hello message. The only thing that generally happens in this message is the client sending a preferred TLS protocol, a list of supported ciphers, and any number of TLS extensions (ex. SNI, EC points, etc.).

There is something in the client's client hello message that the server does not like, and is therefore closing the connection. At this stage it can only be a disagreement in one of these things: TLS protocol, ciphers, TLS extensions. I don't actually see the TLS extensions in the capture though.

So to clarify, who is the client and who is the server in this capture?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL handshake failure during SSO

Recent Discussions

APM with EntraID as idP / request signed

Should config via cli rather than gui?

Background Tasks

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

BIG-IP Proxy SSL 12.1 Handshake Failure

TCP Internals: 3-way Handshake and Sequence Numbers Explained

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

Monitoring Failure OAuth request

SSL Profiles Part 1: Handshakes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS