Forum Discussion
johtte_168100
Nov 09, 2015 (Nimbostratus)
ssl handshake failure with backend server
Hi, I am trying to do SSL termination to a backend server using a client profile and a server profile.
This is the server profile:
admin@(f5lab01-asm)(cfg-sync In Sync)(Active)(/Common)(tmos) list ...
Brad_Parker
Nov 09, 2015 (Cirrus)
Looks like the server doesn't support any of the ciphers you are offering in your server SSL profile. What kind of server is it on the backend? Do you know what ciphers it supports? Have you tried using something more broad like DEFAULT or NATIVE for your cipher string to find out what it can negotiate?
- johtte_168100, Nov 10, 2015 (Nimbostratus): The server is IBM WebSphere 6.1. When I am using Native, this is the output: * New TCP connection 14: 192.168.0.63(42494) <-> 192.168.0.1(443)
- nathe, Nov 10, 2015 (Cirrocumulus): Out of interest, does a default HTTPS monitor work on the backend pool member? Can you connect to the backend pool member directly without going via the F5, i.e. does the SSL handshake work then?
- Brad_Parker, Nov 10, 2015 (Cirrus): Your server is FINing the SSL handshake. It is either expecting a client cert or doesn't understand TLSv1.2 client HELLO. Can you get the SSL configuration from your WebSphere admins?
- johtte_168100, Nov 10, 2015 (Nimbostratus): I fixed the issue using only cipher TLSv1 and it worked. I used this command to validate which ciphers the server accepts: openssl s_client -host 192.168.0.1 -port 443 -tls1
- Brad_Parker, Nov 10, 2015 (Cirrus): That's where I was going. I'm glad it's working now.
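
The `-tls1` check from the thread, generalized to try each protocol version in turn and report what the backend negotiates. This is an added example, not part of the original discussion; the helper names `classify_handshake` and `probe_versions` are hypothetical, and the embedded `s_client` output is a constructed sample.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): find which protocol versions a
# backend negotiates, so the server SSL profile can be matched to it.
# classify_handshake and probe_versions are hypothetical helper names.

# Read `openssl s_client` output on stdin; print "ok <protocol> <cipher>"
# when a cipher was negotiated, otherwise "fail".
classify_handshake() {
    awk '
        /^ *Protocol *:/ { proto = $NF }
        /^ *Cipher *:/   { cipher = $NF }
        END {
            if (cipher != "" && cipher != "0000" && cipher != "(NONE)")
                print "ok", proto, cipher
            else
                print "fail"
        }'
}

# probe_versions HOST PORT: one handshake attempt per protocol flag.
probe_versions() {
    for flag in -tls1 -tls1_1 -tls1_2; do
        printf '%-8s ' "$flag"
        openssl s_client -connect "$1:$2" "$flag" </dev/null 2>&1 |
            classify_handshake
    done
}

# Constructed sample of a refused handshake, used when no target is given.
SAMPLE_REFUSED='New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000'

if [ "$#" -eq 2 ]; then
    probe_versions "$1" "$2"      # e.g. 192.168.0.1 443, as in the thread
else
    printf 'sample   '
    printf '%s\n' "$SAMPLE_REFUSED" | classify_handshake
fi
```

A recent OpenSSL client may refuse TLSv1 itself, so run the probe from a host whose OpenSSL still offers the versions being tested.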