Forum Discussion
johtte_168100
Nimbostratus
Nimbostratusssl handshake failure with backend server
Hi, I am trying to SSL termination to backend server using client profile and server profile.
This is the server profile:
admin@(f5lab01-asm)(cfg-sync In Sync)(Active)(/Common)(tmos) list ...
Brad_Parker_139
Nacreous
NacreousLooks like the server doesn't support any of the ciphers you are offering in your server SSL profile. What kind of server is it on the backend? Do you know what ciphers it supports? Have you tried using something more broad like DEFAULT or NATIVE for your cipher string to find out what it can negotiate?
johtte_168100Nimbostratus
NimbostratusThe sever is IBM Webshere 6.1 when i am using Native this is the output:
* New TCP connection 14: 192.168.0.63(42494) <-> 192.168.0.1(443)
14 1 1447162756.9137 (0.0008) C>SV3.3(215) Handshake
ClientHello
Version 3.3
random[32]=
5e 59 b6 e6 73 f5 6f de ba 99 6f 06 1b fb 9e e9
21 d6 03 9c ad 8d e1 6d 75 15 0b ba 6e be 46 a7
cipher suites
Unknown value 0xc030
Unknown value 0xc02c
Unknown value 0xc028
Unknown value 0xc024
Unknown value 0xc014
Unknown value 0xc00a
Unknown value 0xa3
Unknown value 0x9f
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Unknown value 0xa7
TLS_DH_anon_WITH_AES_256_CBC_SHA
Unknown value 0xc032
Unknown value 0xc02e
Unknown value 0xc02a
Unknown value 0xc026
Unknown value 0xc00f
Unknown value 0xc005
Unknown value 0x9d
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0xc012
Unknown value 0xc008
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc00d
Unknown value 0xc003
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc02f
Unknown value 0xc02b
Unknown value 0xc027
Unknown value 0xc023
Unknown value 0xc013
Unknown value 0xc009
Unknown value 0xa2
Unknown value 0x9e
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
Unknown value 0xa6
TLS_DH_anon_WITH_AES_128_CBC_SHA
Unknown value 0xc031
Unknown value 0xc02d
Unknown value 0xc029
Unknown value 0xc025
Unknown value 0xc00e
Unknown value 0xc004
Unknown value 0x9c
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DH_anon_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_RC4_128_MD5
TLS_DHE_RSA_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
Unknown value 0xff
compression methods NULL
14 1447162756.9144 (0.0007) S>C TCP FIN
14 1447162756.9146 (0.0001) C>S TCP RST * Whene i try to Default: * New TCP connection 6: 192.168.0.63(13306) <-> 192.168.0.1(443)
6 1 1447161846.9679 (0.0008) C>SV3.3(131) Handshake
ClientHello
Version 3.3
random[32]=
bb d4 c6 54 aa b6 c4 be be 54 4e a8 12 39 63 7d
12 9a c2 d0 fa 70 54 b6 cf 96 d6 cf b1 8f e8 22
cipher suites
Unknown value 0x9f
Unknown value 0x9e
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0x9d
Unknown value 0x9c
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xc030
Unknown value 0xc02f
Unknown value 0xc028
Unknown value 0xc014
Unknown value 0xc027
Unknown value 0xc013
Unknown value 0xc012
Unknown value 0xff
compression methods
NULL
6 1447161846.9688 (0.0008) S>C TCP FIN
6 1447161846.9689 (0.0000) C>S TCP RST Regards