For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

refra_151287's avatar
refra_151287
Icon for Cirrus rankCirrus
Sep 03, 2015

SSL RST Server side

Hi, I have HTTPS-HTTPS virtual server, the connection between the client and the VS it seems fine (3WHS completed and SSL Handshake is negotiated and sent application data) But regarding to server-side connection the server RSTs the traffic after the F5 sends the client-hello. actually I don't know why server RSTs the F5 SSL hasndshake.

[root@TE:Active:In Sync] config  ssldump -nni 0.0  -Aed host 10.19.251.10 and port 443
New TCP connection 1: 10.19.248.10(40910) <-> 10.19.251.10(443)
1 1  1441266837.4733 (0.0025)  C>SV3.3(77)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          44 b8 70 be f3 b9 72 01 92 1f b6 b6 05 f4 ad 15
          db 46 a9 6a 5f aa b4 c7 79 cf 47 04 22 b8 18 eb
        cipher suites
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_256_CBC_SHA256
        Unknown value 0xc013
        Unknown value 0xc014
        Unknown value 0xc012
        Unknown value 0xff
        compression methods
                  NULL
1    1441266837.4740 (0.0007)  S>C  TCP RST
application delivery
ASM Advanced WAF
deployment
LTM
microsoft
security

1 Reply

  • arpydays's avatar
    arpydays
    Icon for Nimbostratus rankNimbostratus
    Sep 03, 2015

    It's possible the server can't find a compatible cipher suite although I would have expected a failure response. Have a look at server logs also determine what cipersuites your server will accept, try connecting from the F5 directly using curl or openssl s_client and run openssl see if you can connect with a broader suite.

     

    cheers