For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

LouisL-3_235765's avatar
LouisL-3_235765
Icon for Nimbostratus rankNimbostratus
Nov 26, 2015

SSL Termiation with load balancer occassionally causing SSL handshake exception

We are trying to achieve SSL termination using the LTM. The incoming connection from the router is using SSL (TLSv1.2) with client authentication to a virtual server with just the client SSL profile....
BIG-IP
LTM
security
ssl
termination
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Nov 27, 2015

First, your subsequent connections will not try to resume the SSL session unless the client initiates as resumption by sending the session ID in the client Hello stating that it wants to resume the session. As for your error. Your client is the one terminating the handshake because of "Certificate Unknown". That is generally because of a chain issue. Ensure you are sending the proper chain certs to the client and then check that your client trusts the root of the chain you are sending.

 

  • LouisL-3_235765's avatar
    LouisL-3_235765
    Icon for Nimbostratus rankNimbostratus
    Nov 27, 2015
    Thanks for the information regarding the SSL session.The chain certs are correct and the client trusts the root of that chain, which is why it will work most of the time, it only gives us this error when the requests are sent in quick succession which is why this problem has baffled us.