Forum Discussion

Cirrus

Oct 04, 2023

Solved

SSL protocol mismatch

Ok, I ended up way down a rabbit hole earlier this week. That whole line of thought seemed to be a red herring. BigIP LTM trying to load balance to MS Navision servers which don't use standard 80 o...

application delivery

LTM

ssl

Paulius
Oct 05, 2023
irbk That is correct. Unless you have some way of the F5 being able to look for a value in the client request that would define if it was intended to be SSL or not you would have to split SSL and non-SSL into two different VS listening on different ports on the F5 side that is client facing.

irbk

Cirrus

Oct 05, 2023

Yes, this is 100% correct. Traffic starts out as just regular TCP traffic and then changes to TLS anc continues as both TLS and TCP traffic. Here is wireshark output from a good connection (SSL passthrough).

You can see that the communication that's going on is both TCP and TLS traffic on the same port. So are you saying the F5 is incapable of SSL bridging in this situation?

Paulius

MVP

Oct 05, 2023

irbk That is correct. Unless you have some way of the F5 being able to look for a value in the client request that would define if it was intended to be SSL or not you would have to split SSL and non-SSL into two different VS listening on different ports on the F5 side that is client facing.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)