Forum Discussion
Ajit
Jun 22, 2018 Altostratus
SSL handshake failure using serverssl (F5 and Citrix Netscaler)
Hello F5 Experts,
I am getting a fatal SSL handshake failure (40) right after the server hello message from the Citrix Netscaler which sits at the vendor location. I can see in Wireshark that the TLS...
- Jun 25, 2018
Can you change Secure Negotiation to Request and test?
Ajit
Jun 25, 2018 Altostratus
Hello Anesh / Chase,
Below is the serverssl profile config:
```
ltm profile server-ssl abc_443_NP_SLG_https_profile_server-ssl {
    alert-timeout 10
    app-service none
    authenticate once
    authenticate-depth 9
    authenticate-name none
    ca-file Comodo_xyz.crt
    cache-size 262144
    cache-timeout 3600
    cert abc.crt
    chain Entrust-EV-256-Bundle-AVX.crt
    ciphers !SSLv2:!SSLv3:!DTLSv1:!EXP:!MD5:!ADH:!NULL:!LOW:!RC4:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:+TLSv1_1:+TLSv1
    crl-file none
    defaults-from serverssl
    description none
    expire-cert-response-control drop
    generic-alert enabled
    handshake-timeout 10
    key abc.key
    mod-ssl-methods disabled
    mode enabled
    options { dont-insert-empty-fragments }
    partition Common
    passphrase "****"
    peer-cert-mode require
    proxy-ssl disabled
    proxy-ssl-passthrough disabled
    renegotiate-period indefinite
    renegotiate-size indefinite
    renegotiation enabled
    retain-certificate true
    secure-renegotiation require-strict
    server-name none
    session-mirroring disabled
    session-ticket disabled
    sni-default false
    sni-require false
    ssl-forward-proxy disabled
    ssl-forward-proxy-bypass disabled
    ssl-sign-hash any
    strict-resume disabled
    unclean-shutdown enabled
    untrusted-cert-response-control drop
}
```
Also, I am attaching a Wireshark screenshot of the capture where the SSL handshake fails.

![Image Text](/Portals/0/Users/164/20/128420/SSLFailure.PNG?ver=2018-06-25-001012-333)