ssl handshake failure with backend server

The sever is IBM Webshere 6.1 when i am using Native this is the output: * New TCP connection 14: 192.168.0.63(42494) <-> 192.168.0.1(443)

 

14 1 1447162756.9137 (0.0008) C>SV3.3(215) Handshake

 

ClientHello

 

Version 3.3

 

random[32]=

 

5e 59 b6 e6 73 f5 6f de ba 99 6f 06 1b fb 9e e9

 

21 d6 03 9c ad 8d e1 6d 75 15 0b ba 6e be 46 a7

 

cipher suites

 

Unknown value 0xc030

 

Unknown value 0xc02c

 

Unknown value 0xc028

 

Unknown value 0xc024

 

Unknown value 0xc014

 

Unknown value 0xc00a

 

Unknown value 0xa3

 

Unknown value 0x9f

 

TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

 

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

 

TLS_DHE_DSS_WITH_AES_256_CBC_SHA

 

Unknown value 0xa7

 

TLS_DH_anon_WITH_AES_256_CBC_SHA

 

Unknown value 0xc032

 

Unknown value 0xc02e

 

Unknown value 0xc02a

 

Unknown value 0xc026

 

Unknown value 0xc00f

 

Unknown value 0xc005

 

Unknown value 0x9d

 

TLS_RSA_WITH_AES_256_CBC_SHA256

 

TLS_RSA_WITH_AES_256_CBC_SHA

 

Unknown value 0xc012

 

Unknown value 0xc008

 

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

 

TLS_DH_anon_WITH_3DES_EDE_CBC_SHA

 

Unknown value 0xc00d

 

Unknown value 0xc003

 

TLS_RSA_WITH_3DES_EDE_CBC_SHA

 

Unknown value 0xc02f

 

Unknown value 0xc02b

 

Unknown value 0xc027

 

Unknown value 0xc023

 

Unknown value 0xc013

 

Unknown value 0xc009

 

Unknown value 0xa2

 

Unknown value 0x9e

 

TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

 

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

 

TLS_DHE_DSS_WITH_AES_128_CBC_SHA

 

Unknown value 0xa6

 

TLS_DH_anon_WITH_AES_128_CBC_SHA

 

Unknown value 0xc031

 

Unknown value 0xc02d

 

Unknown value 0xc029

 

Unknown value 0xc025

 

Unknown value 0xc00e

 

Unknown value 0xc004

 

Unknown value 0x9c

 

TLS_RSA_WITH_AES_128_CBC_SHA256

 

TLS_RSA_WITH_AES_128_CBC_SHA

 

TLS_DH_anon_WITH_RC4_128_MD5

 

TLS_RSA_WITH_RC4_128_SHA

 

TLS_RSA_WITH_RC4_128_MD5

 

TLS_DHE_RSA_WITH_DES_CBC_SHA

 

TLS_DH_anon_WITH_DES_CBC_SHA

 

TLS_RSA_WITH_DES_CBC_SHA

 

TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA

 

TLS_RSA_EXPORT1024_WITH_RC4_56_SHA

 

TLS_RSA_EXPORT_WITH_DES40_CBC_SHA

 

TLS_RSA_EXPORT_WITH_RC4_40_MD5

 

Unknown value 0xff

 

compression methods NULL

 

14 1447162756.9144 (0.0007) S>C TCP FIN

 

14 1447162756.9146 (0.0001) C>S TCP RST * Whene i try to Default: * New TCP connection 6: 192.168.0.63(13306) <-> 192.168.0.1(443)

 

6 1 1447161846.9679 (0.0008) C>SV3.3(131) Handshake

 

ClientHello

 

Version 3.3

 

random[32]=

 

bb d4 c6 54 aa b6 c4 be be 54 4e a8 12 39 63 7d

 

12 9a c2 d0 fa 70 54 b6 cf 96 d6 cf b1 8f e8 22

 

cipher suites

 

Unknown value 0x9f

 

Unknown value 0x9e

 

TLS_DHE_RSA_WITH_AES_256_CBC_SHA

 

TLS_DHE_RSA_WITH_AES_128_CBC_SHA

 

TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA

 

Unknown value 0x9d

 

Unknown value 0x9c

 

TLS_RSA_WITH_AES_256_CBC_SHA256

 

TLS_RSA_WITH_AES_256_CBC_SHA

 

TLS_RSA_WITH_AES_128_CBC_SHA256

 

TLS_RSA_WITH_AES_128_CBC_SHA

 

TLS_RSA_WITH_3DES_EDE_CBC_SHA

 

Unknown value 0xc030

 

Unknown value 0xc02f

 

Unknown value 0xc028

 

Unknown value 0xc014

 

Unknown value 0xc027

 

Unknown value 0xc013

 

Unknown value 0xc012

 

Unknown value 0xff

 

compression methods

 

NULL

 

6 1447161846.9688 (0.0008) S>C TCP FIN

 

6 1447161846.9689 (0.0000) C>S TCP RST Regards

Out of interest, does a default HTTPS monitor work on the backend pool member? Can you connect to the backend pool member directly without going via the F5 i.e. the SSL Handshake works then?

Your server is FINing the SSL hanshake. It is either expecting a client cert or doesn't understand TLSv1.2 client HELLO. Can you get the SSL configuration from your WebSphere admins?

I fixed the issue using only cipher TLSv1 and it worked. I used this command to validate which ciphers server accept. openssl s_client -host 192.168.0.1 -port 443 -tls1

That's where I was going. I'm glad its working now.