Forum Discussion

cymru81's avatar
Icon for Altocumulus rankAltocumulus
Aug 20, 2021

SSL reverse proxy

Looking for some advice please. We'd like to reverse proxy an internal server via a public ip address.


public VIP has a public certificate issued via a well known CA (client ssl profile) and is listening on port 443, this passes to a pool containing our internal server also on port 443 but this site is using an internal self-signed cert that doesnt match the public cert.


LTM logs show the following when client on the internet tries to connect:


SSL Handshake failed for TCP -> -> Connection error: ssl_hs_rxhello:10784: alert(70) unsupported version


Is there any config we can do to make this work?

5 Replies

  • oguzy's avatar
    Icon for Cirrostratus rankCirrostratus

    Hi cymru81,


    As your internal server listens on port 443, have you assigned a server ssl profile like serverssl-insecure-compatible?

  • Hi oguzy, yes they are listening, i assigned the profile "serverssl" and still doesnt work as expected?

  • yes lots of others VS using same profile without issue. works fine in a browser and renders ok, wondering if the self signed and public cert is the cause of the issues?

    • oguzy's avatar
      Icon for Cirrostratus rankCirrostratus



      If you have assigned serverssl-insecure-compatible for the server ssl profile, self signed cert should not be an issue.