Forum Discussion

Nimbostratus

Jan 17, 2011

SSL serverside cipher mismatch

In a hardware-based 10.2(+HF2) LTM installation, LTM cannot negotiate cipher with an IIS6 server (ssldump reports a TCP close sequence after client hello). Default https monitor reports TLS...

config

design

hooleylist

Cirrostratus

Jan 19, 2011

The monitoring daemon, bigd, probably does not use the native TMM SSL stack. So I think you're right on it using the openssl ciphers. I'm surprised that using COMPAT (openssl ciphers) in the client SSL profile wouldn't work if the monitor succeeds.

It might be worth opening a support case on this as they'll be able to test directly with you.

Aaron

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL serverside cipher mismatch

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

Cipher suite mismatch advertisement/warning

SSL protocol mismatch

Serverside SNI injection iRule

Display a warning on client browser when cipher suite mismatch

behavior of SSL::disable serverside

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS