Forum Discussion

Altostratus

Jun 22, 2018

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

Hello F5 Experts, I am getting fatal ssl handshake failure(40) right after the server hello message from the Citrix Netscaler which sits and the vendor location. I can see in wireshark that the TLS...

BIG-IP

LTM

security

Anesh
Jun 25, 2018
can you change Secure Negotiation to Request and test

nathe

Cirrocumulus

Jun 25, 2018

I see you have a Comodo certificate in the serverssl, does that mean the netscaler is expected the bigip to send a certificate? This is similar to client authentication and you would only have a cert/key here if the other end needed the bigip to send a certificate to authenticate itself against the backend. Normally this is not required.

For a test have you tried the default serverssl profile?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL handshake failure using serverssl (F5 and Citrix Netscaler)

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Citrix Netscaler to F5 BIG-IP

Activate serverssl profile in iRule

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS