TCL error: _cgc_pick_clientside
Hi,
In an ASM-LTM (Perimeter) setup I frequently see the following logs:
***err: tmm3[19962]: 01220001:3: TCL error: _cgc_pick_clientside - unknown cgc sni: f5-bei1.xxxx.xx (line 49) invoked from within "CGC::sni $tls_servername"***
Any idea what this TCL error causes? The clientssl is quite basic: one certificate chain, no Server Name set.
Thanks, Rolf
- Steve_MCNimbostratus
I found this page searching for an answer to the exact question I was asking, kept searching, and was eventually able to find this Support Solution:
https://support.f5.com/csp/article/K54469707
It mentions that this is actually a big3d error and sure enough, when I checked /var/log/gtm I found SSL Error messages that matched up with these /var/log/ltm messages. Even better, the /var/log/gtm messages list the IP that these connections are coming from, which in my case turned out to be one of our internal security appliances doing a scan.
- Greg_JewettCirrus
I too am getting a very similar error. It is definitely an error executing iRule code, but I cannot find the iRule.
err tmm[10782]: 01220001:3: TCL error: _cgc_pick_clientside <CLIENT_DATA> - bad option "-31744": must be -exact, -glob, -regexp, or -- while executing "switch $tls_version { "769" - "770" - "771" { if { ($tls_xacttype == 22) } { ..."
Have you run any scanning against the Management IP/Self-IP? It looks like some scanning was performed.
- Greg_JewettCirrus
Not sure what you mean, but now that I look back at my own post, I believe this is a very simple error: there was a value of "-31744" that was sent to a switch statement that did not have a corresponding matching value. Maybe this is a default log message to spell out the fact that no match was found and a default option was not given to choose. The other meaning could be that the value "-31744" was completely invalid for a switch statement, that it needs to be a positive value or within a specific range.
These are just hypotheses.
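The `bad option "-31744"` message in the log line quoted in this thread can be reproduced in plain Tcl. The following is an added example, not code from the thread or from F5: the proc names and the 3-byte header are constructed, and reading the version field as a signed 16-bit integer is an assumption (the bytes 0x84 0x00 read that way are -31744).

```tcl
# Added illustration; none of this is F5's internal _cgc_pick_clientside code.

# Assumption: the version field is read as a signed 16-bit big-endian
# integer. Constructed 3-byte header: type 0x16, then bytes 0x84 0x00.
set header [binary format H* 168400]
binary scan $header cS tls_xacttype tls_version
puts "type=$tls_xacttype version=$tls_version"

# classify_unguarded has the shape of the fragment quoted in the log:
# the value is the first word after "switch", so a leading "-" can be
# taken for an option. Tcl 8.4 rejects it with the "bad option" message
# seen in the log; Tcl 8.5 and later accept the two-argument form and
# simply find no matching arm.
proc classify_unguarded {v} {
    switch $v {
        "769" - "770" - "771" { return "known TLS version" }
    }
    return "no arm matched"
}

# classify_guarded ends option parsing with "--" and adds a default arm,
# so every input is handled the same way on every Tcl version.
proc classify_guarded {v} {
    switch -exact -- $v {
        "769" - "770" - "771" { return "known TLS version" }
        default { return "not a TLS version: $v" }
    }
}

# Run both forms over a valid version and the value from the log line.
foreach v [list 771 $tls_version] {
    if {[catch {classify_unguarded $v} res]} {
        puts "unguarded $v -> error: $res"
    } else {
        puts "unguarded $v -> $res"
    }
    puts "guarded   $v -> [classify_guarded $v]"
}
```

In iRules you write yourself, `switch -- $value` with a `default` arm keeps unexpected client input from turning into a TCL error in /var/log/ltm.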