Forum Discussion

Nimbostratus

Nov 19, 2014

ssl handshake issue

Hi, All: When I debug ssl issue, I saw following errors, I saw f5 has a doc. for the error code, but I could not find it.. What cause "unsupported version (40)", and what cause SSL handsha...

application delivery

LTM

Skye_85590

Nimbostratus

Nov 24, 2014

You probably did something like disabling SSLv3 then a client tried to do an ssl3 handshake:

This is actually the default behavior for the default ('DEFAULT') cipher ordering under 11.6.0 HF1 where I tested. I was using this command against a virtual server from the standby unit, forcing ssl3: openssl s_client -connect 172.24.76.79:443 -ssl3

SSL in debug does not give much detail but it is evident in captures:

Nov 24 19:50:19 drkraken debug tmm1[11366]: 01260009:7: Connection error: ssl_hs_rxhello:6147: unsupported version (40) Nov 24 19:50:19 drkraken info tmm1[11366]: 01260013:6: SSL Handshake failed for TCP 172.24.76.70:44545 -> 172.24.76.79:443

Capture shows the sslv3 handshake attempt and subsequent (error 40).

52014-11-24 19:53:36.519200172.24.76.7044195172.24.76.79443SSLv3304IN s1/tmm3 : Client Hello

62014-11-24 19:53:36.519233172.24.76.79443172.24.76.7044195SSLv3173OUT s1/tmm3 : Level: Fatal, Description: Handshake Failure)

Logically, I was able to get a successful handshake by enabling ssl3 explicitly on the client-ssl profile in use.

Cheers!

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)