SSL Renegotiation Error - HTTPS Health Check?

Question

Has anyone experienced an SSL Renegotiation Error being caused by an HTTPS Health Check?&nbsp;&nbsp;[02/Jun/2011:14:27:06] failure ( 5885): for host 10.10.10.2 trying to GET /index.html while trying to GET /, Client-Auth reports: HTTP4026: SSL opera&nbsp;tion failed (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)&nbsp;[02/Jun/2011:14:27:10] failure ( 5885): for host 10.10.10.3 trying to GET /, Client-Auth reports: HTTP4026: SSL operation failed (SSL_ERROR_RENEGOTIA&nbsp;TION_NOT_ALLOWED: SSL renegotiation is not allowed.)&nbsp;[02/Jun/2011:14:27:10] failure ( 5885): for host 10.10.10.3 trying to GET /index.html while trying to GET /, Client-Auth reports: HTTP4026: SSL opera&nbsp;tion failed (SSL_ERROR_RENEGOTIATION_NOT_ALLOWED: SSL renegotiation is not allowed.)&nbsp;&nbsp;&nbsp;&nbsp;

nitass · Answer

pool member requires ssl renegotiation, doesn't it? 
&nbsp;if so, what bigip version r u running? &nbsp;
&nbsp;there is bug id 338150 - https monitor needs ssl renegotiation enabled which is fixed in 10.2.1 hf1.

michael_yates · Answer

Nice.  Thank you! 
&nbsp;  
&nbsp; Yours is the best answer I could have hoped for!

brad_11440 · Answer

I may be running into this bug myself... I have an HTTPS monitor that is constantly marking the nodes as down/up again every 20 - 60 seconds.  I am running a version that is affected by the bug.  What logging settings do you need to have configured for Local Traffic Logging to see this error?

nitass · Answer

What logging settings do you need to have configured for Local Traffic Logging to see this error?i think the log Michael showed is from server. 
&nbsp;  
&nbsp; I may be running into this bug myselfi think node should always be marked down if you are hitting that bug. by the way, have you ever tried troubleshooting steps Aaron wrote in the following article? 
&nbsp;  
&nbsp; Troubleshooting Ltm Monitors by Aaron 
&nbsp; http://devcentral.f5.com/wiki/AdvDesignConfig.TroubleshootingLtmMonitors.ashx 
&nbsp;  
&nbsp; hope this helps.

brad_11440 · Answer

i think node should always be marked down if you are hitting that bug. i thought the bug happened after it was marked up due the initial connection, after the node tried to initiate the renegotiation.  the "ssl renegotiation is not allowed" message led me to believe it was on the f5, since the VIP had ssl renegotiation disabled to fix the tls vulnerability.&nbsp;by the way, have you ever tried troubleshooting steps Aaron wrote in the following article? Nope, I haven't seen that article yet.  Curl looks like it could set me free, potentially.  I'll give it a shot, thanks!&nbsp;

Forum Discussion

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

ASM attack signatures not syncing between active and standby F5

Query on source IP preservation for syslog traffic through F5 virtual server

Hardware BIG-IP appliance reach EOSS, but the software version running on it not yet?

VPN Communication Error with F5 BIG-IP Edge Client

simultaneous disabling / enabling of all LTM objects

Related Content

F5 Distributed Cloud (XC) - Origins & Health Checks

SSL Legacy Renegotiation vs Secure Renegotiation Explained using Wireshark

TCP Health Check.

SSL Profiles Part 6: SSL Renegotiation

Using F5 Distributed Cloud DNS Load Balancer health checks and DNS observability