Forum Discussion

  • Hi DeepakK, I guess this is an error generated by cURL when using the REST API, right? In case yes, are other requests to the API successful or is it just a specific one? Thanks, Stephan
  • Yes while Accessing my Application I am facing issue i am unable to access Via f5.

     

    [root@blr-bigip2:Active:Standalone] config curl -v -k https://192.168.52.49:1443/abc/services/listServices > ssl.text * About to connect() to 192.168.52.49 port 1443 (0) * Trying 192.168.52.49... connected * Connected to 192.168.52.49 (192.168.52.49) port 1443 (0) * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSLv3, TLS handshake, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Server hello (2): { [data not shown] * SSLv3, TLS handshake, CERT (11): { [data not shown] * SSLv3, TLS handshake, Server finished (14): { [data not shown] * SSLv3, TLS handshake, Client key exchange (16): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): } [data not shown] * SSLv3, TLS handshake, Finished (20): } [data not shown] * SSLv3, TLS change cipher, Client hello (1): { [data not shown] * SSLv3, TLS handshake, Finished (20): { [data not shown] * SSL connection using AES256-SHA256 * Server certificate: * subject: C=US; ST=California; L=Redwood City; O=abc Inc.; OU=Certificates; CN=*.corp.abc.com * start date: 2014-09-25 00:00:00 GMT * expire date: 2015-09-25 23:59:59 GMT * common name: *.corp.abc.com (does not match '192.168.52.49') * issuer: C=US; O=Thawte, Inc.; CN=Thawte SSL CA * SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.

     

    GET /abcsoap/services/listServices HTTP/1.1 User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1e zlib/1.2.3 libidn/0.6.5 Host: 192.168.52.49:1443 Accept: /

     

    % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Closing connection 0

     

  • i think 104 is connection reset by peer. you may check who send reset first. ssldump may be useful.

     

  • Hi Stephan Manthey please find the ssl dump

     

    New TCP connection 1: 192.168.210.7(51326) <-> 192.168.211.234(9243) 1 1 0.0006 (0.0006) C>S Handshake ClientHello Version 3.3 cipher suites TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA Unknown value 0xc028 Unknown value 0xc014 Unknown value 0xc027 Unknown value 0xc013 Unknown value 0xc012 Unknown value 0xff compression methods NULL 1 2 0.0039 (0.0032) S>C Alert level fatal value handshake_failure 1 0.0050 (0.0011) S>C TCP FIN 1 0.0051 (0.0001) C>S TCP RST

     

    • DeepakK_154002's avatar
      DeepakK_154002
      Icon for Nimbostratus rankNimbostratus
      Hi all i need help to resolve this issue. Kindly help me with this.