Forum Discussion

Altostratus

8 years ago

Solved

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

Hello F5 Experts, I am getting fatal ssl handshake failure(40) right after the server hello message from the Citrix Netscaler which sits and the vendor location. I can see in wireshark that the TLS...

big-ip

LTM

security

Anesh
8 years ago
can you change Secure Negotiation to Request and test

nathe

Cirrocumulus

8 years ago

I see you have a Comodo certificate in the serverssl, does that mean the netscaler is expected the bigip to send a certificate? This is similar to client authentication and you would only have a cert/key here if the other end needed the bigip to send a certificate to authenticate itself against the backend. Normally this is not required.

For a test have you tried the default serverssl profile?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Query on source IP preservation for syslog traffic through F5 virtual server

Related Content

SUPER-WEBSOCKET-HANDSHAKE-LOGGER™® (SWHL) iRule

WS-Exfil-Shield: Catching What WAFs Miss After the 101 Handshake

Citrix Netscaler to F5 BIG-IP

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS