SSLDump issues: ERROR: Length mismatch

Question

I am trying to debug some SSL handshake errors and it seems ssldump is different enough on the LTMs to make me a bit nuts. After a few seconds it dies with: ERROR: Length mismatch. The entire interwebs say this is because it needs a '-s 0' command line switch which the F5 version of ssldump doesn't have. Any ideas how to capture more than a few seconds of traffic?

mark_van_d · Answer

Check out this article from AskF5:  https://support.f5.com/kb/en-us/solutions/public/10000/200/sol10209.html&nbsp;

bubbagump_12531 · Answer

That is what I was afraid would be the solution as I was trying to avoid the tcpdump then feed into ssldump method. Ah well, seems that is the only option. Thanks!&nbsp;

canttalkeating · Answer

Hi Bubbagump 12531,  &nbsp;I'm probably about 4 years late to this party but if you're just tshooting an SSL negotiation issue then running #ssldump -i vlan_100_internal host 10.0.100.41 would give you a continuous feed of SSL negotiation activity to the console for analysis&nbsp;If wanting to examine within Wireshark then the -s0 flag would be required to allow the ssldump to be ran against the packet capture as it requires the whole packet to be available

Forum Discussion

SSLDump issues: ERROR: Length mismatch

3 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5OS login with admin/root failed via console

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Unblock Request WAF

Share what you learned on DevCentral in 2025

Failing over Virtual F5 VE to DR location using Zerto

Related Content

SSL protocol mismatch

Troubleshooting TLS Problems With ssldump

Cipher suite mismatch advertisement/warning

Regex issue

Giving back to the Dev Community: ssldump data decrypt

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS