Forum Discussion
Ajit
Jun 22, 2018Altostratus
SSL handshake failure using serverssl (F5 and Citrix Netscaler)
Hello F5 Experts,
I am getting fatal ssl handshake failure(40) right after the server hello message from the Citrix Netscaler which sits and the vendor location. I can see in wireshark that the TLS...
- Jun 25, 2018
can you change Secure Negotiation to Request and test
Ajit
Jul 04, 2018Altostratus
Hello Anesh,
Your answer is correct. After making the requested changes the issue got resolved. Thanks for your help! 🙂
I want to highlight few points with which it was confirmed that this is an HSTS issue:
1) Warning message in the LB logs as below:
18:40:24 LBNAME warning tmm1[23850]: 01260017:4: Connection attempt to insecure SSL server (see RFC5746) aborted: 10.104.40.136:443
2) Openssl command which clearly indicates the problem:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 1024 bit
-->> Secure Renegotiation IS NOT supported <<--
Compression: NONE
Expansion: NONE
Also, the same problem has been highlighted in K13860
Regards,
Ajit
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects