Forum Discussion

Nimbostratus

Oct 24, 2016

TCP-Out-Of-Order Packets on new sha 2 certificates

Hi all, we just try using new sha2 certificates on the F5 LTM 12.0 and saw the errors below for one of our HTTPS web services. On the certificate ciphers we are keep it as DEFAULT. What could be miss...

application delivery

BIG-IP

Doran_Lum

Nimbostratus

Oct 24, 2016

Yes tcpdump on big-ip and no irules with default pool. 
Virtual server is standard and i tested with IE and chrome.
For SNAT, I have a SNAT list linked to this Virtual Server.

I see the result for openssl below and see that it couldn't detect or pick up the cert. But the certificates created are Web certs and their root certs already in F5. 

[adm@Host:Active:Changes Pending] ~  openssl s_client -connect 172.20.50.20:443
CONNECTED(00000003)
47898972639784:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 277 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)