SSL handshake failure with backend server
Hi, I am trying to do SSL termination to a backend server using a client profile and a server profile.
This is the server profile:
admin@(f5lab01-asm)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm profile server-ssl back-end-servers
ltm profile server-ssl back-end-servers {
    alert-timeout 10
    app-service none
    authenticate once
    authenticate-depth 9
    authenticate-name none
    ca-file none
    cache-size 262144
    cache-timeout 3600
    cert none
    chain none
    ciphers SSLv3:SSLv3+RC4-SHA
    crl-file none
    defaults-from serverssl
    expire-cert-response-control drop
    generic-alert enabled
    handshake-timeout 10
    key none
    mod-ssl-methods disabled
    mode enabled
    options none
    peer-cert-mode ignore
    proxy-ssl disabled
    proxy-ssl-passthrough disabled
    renegotiate-period indefinite
    renegotiate-size indefinite
    renegotiation disabled
    retain-certificate true
    secure-renegotiation require
    server-name none
    session-mirroring disabled
    session-ticket disabled
    sni-default false
    sni-require false
    ssl-forward-proxy disabled
    ssl-forward-proxy-bypass disabled
    ssl-sign-hash any
    strict-resume disabled
    unclean-shutdown enabled
    untrusted-cert-response-control drop
}
The test with openssl:
[admin@f5lab01-asm:Active:In Sync] ~ openssl s_client -host 192.168.0.1 -port 443
CONNECTED(00000003)
46963579710592:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
The ssldump:
[admin@f5lab01-asm:Active:In Sync] ~ ssldump -Aed -k /config/filestore/files_d/Common_d/certificate_key_d/:Common:home.com.key_63567_1 -n -i internal host 192.168.0.1
New TCP connection 1: 192.168.0.63(36056) <-> 192.168.0.1(443)
1 1 1447104036.1652 (0.0008) C>SV3.0(87) Handshake
Any ideas what we need to change?
I am using 11.6 HF6.
Regards