Forum Discussion

ChrisFranklin_2
Oct 14, 2015

TCP RST instead of Server Hello during SSL Handshake

Hi All,

Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc. and to only accept ciphers for TLS 1.1 and TLS 1.2.

By default they were using the standard default https monitor for their pool, and after making changes server side (I don't have access) the node is now not coming up. HTTP is fine but HTTPS is a problem.

We're running BIG-IP 11.4.0 (Build 2434.0).

I'm wondering if he's only enabled ciphers which aren't available in the current version of BIG-IP we are using.

Here's the ssldump output (cipher set to ALL):

1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake ClientHello Version 3.1 random[32]= 56 1e 0a ea e4 11 03 df d1 77 92 83 da ec 1d 44 21 65 c2 20 97 25 40 53 75 d6 e5 c2 6b 1d 96 65 cipher suites TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA TLS_RSA_WITH_CAMELLIA_256_CBC_SHA Unknown value 0x46 Unknown value 0x45 Unknown value 0x44 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_EXPORT_WITH_RC4_40_MD5 Unknown value 0xff compression methods unknown value NULL

1 - 1444809450.0884 (0.0004) S>C TCP RST

  • That's a pretty unusual cipher list. Just to put it into perspective:

    C>SV3.1(114) Handshake ClientHello 
        Version 3.1 
        random[32]= 56 1e 0a ea e4 11 03 df d1 77 92 83 da ec 1d 44 21 65 c2 20 97 25 40 53 75 d6 e5 c2 6b 1d 96 65 
        cipher suites 
            TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA 
            TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 
            TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA 
            TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 
            Unknown value 0x46 (TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA)
            Unknown value 0x45 (TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA)
            Unknown value 0x44 (TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA)
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 
            TLS_DH_anon_WITH_AES_256_CBC_SHA 
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
            TLS_DHE_DSS_WITH_AES_256_CBC_SHA 
            TLS_RSA_WITH_AES_256_CBC_SHA 
            TLS_DH_anon_WITH_AES_128_CBC_SHA 
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
            TLS_DHE_DSS_WITH_AES_128_CBC_SHA 
            TLS_RSA_WITH_AES_128_CBC_SHA 
            TLS_DH_anon_WITH_3DES_EDE_CBC_SHA 
            TLS_DH_anon_WITH_DES_CBC_SHA 
            TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA 
            TLS_DH_anon_WITH_RC4_128_MD5 
            TLS_DH_anon_EXPORT_WITH_RC4_40_MD5 
            TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 
            TLS_DHE_RSA_WITH_DES_CBC_SHA 
            TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 
            TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 
            TLS_DHE_DSS_WITH_DES_CBC_SHA 
            TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA 
            TLS_RSA_WITH_3DES_EDE_CBC_SHA 
            TLS_RSA_WITH_DES_CBC_SHA 
            TLS_RSA_EXPORT_WITH_DES40_CBC_SHA 
            TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 
            TLS_RSA_WITH_RC4_128_SHA 
            TLS_RSA_WITH_RC4_128_MD5 
            TLS_RSA_EXPORT_WITH_RC4_40_MD5 
        Unknown value 0xff (TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
        compression methods unknown value NULL
    
    S>C TCP RST
    

    The "unknown" cipher values can be derived from: http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml.

    In any case, since the server is sending an immediate reset after the client's ClientHello, the FIRST message in the SSL handshake, it may indicate a few things:

    1. The server isn't actually doing SSL

    2. The server doesn't support any of the ciphers from the client's list

    What do you have in the HTTPS monitor's Cipher List? And what cipher string are you using in the server SSL profile?

    Possibly the best way to troubleshoot this is by simply trying to connect to the server from the BIG-IP command line using openssl s_client:

    openssl s_client -connect [server IP:port]
    

    You should see what cipher is selected in this transaction (if it works at all). You can then go through your above cipher list and try each in turn with the -cipher option:

    openssl s_client -connect [server IP:port] -cipher 'DHE-RSA-CAMELLIA128-SHA'
    

    Or even better, you can determine which ciphers are supported with this handy little script http://www.tuxad.de/scripts/ssltest.sh
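    An added example (not from this thread and not F5 tooling) that applies the reasoning in the reply above in Python: it parses a ssldump ClientHello line, resolves the "Unknown value" entries through an excerpt of the IANA cipher suite registry, flags the legacy suites, and intersects the offer with a server policy. The shortened dump line and both server policies are constructed for illustration.

```python
import re

# Excerpt of the IANA TLS Cipher Suite registry (constructed here; it covers only
# the values ssldump printed as "Unknown value" in the dump above).
IANA_SUITES = {
    0x44: "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    0x45: "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",
    0x46: "TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA",
    0xFF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

TOKEN = re.compile(r"TLS_[A-Za-z0-9_]+|Unknown value 0x([0-9a-fA-F]+)")

def offered_suites(ssldump_line):
    """Suites offered in a ssldump ClientHello line, in offer order, unknowns resolved."""
    section = ssldump_line.partition("cipher suites")[2]  # "" if not a ClientHello
    suites = []
    for m in TOKEN.finditer(section):
        if m.group(1):  # bare hex value: resolve through the registry excerpt
            value = int(m.group(1), 16)
            suites.append(IANA_SUITES.get(value, "Unknown value 0x%02x" % value))
        else:
            suites.append(m.group(0))
    return suites

def weak_suites(suites):
    """Suites a hardened server refuses outright: anonymous DH, export-grade, DES, RC4."""
    bad = ("_anon_", "_EXPORT_", "_WITH_DES_", "_RC4_")
    return [s for s in suites if any(b in s for b in bad)]

def negotiable(suites, server_allowed):
    """Client offer intersected with the server policy; empty means RST after ClientHello."""
    return [s for s in suites if s in server_allowed]

# Shortened ClientHello from the dump above (random[32] and most suites dropped to
# keep the sample short; the "Unknown value" entries are kept verbatim).
DUMP = ("1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake ClientHello Version 3.1 "
        "cipher suites TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA Unknown value 0x46 "
        "Unknown value 0x45 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA "
        "TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 Unknown value 0xff "
        "compression methods unknown value NULL")

# Constructed server policies: TLS 1.2-only ECDHE/GCM hardening, and the same policy
# with two CBC suites rolled back in (the kind of rollback the thread ends with).
SERVER_HARDENED = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}
SERVER_ROLLED_BACK = SERVER_HARDENED | {"TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"}

if __name__ == "__main__":
    offer = offered_suites(DUMP)
    print(weak_suites(offer), negotiable(offer, SERVER_HARDENED), negotiable(offer, SERVER_ROLLED_BACK))
```

    With the hardened policy the intersection is empty, which matches the immediate RST in the dump; with the rolled-back policy two suites overlap and the handshake can proceed.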

  • Thanks Kevin,

    The list of ciphers the customer set on their server were not compatible with the current version of BIG-IP we are running.

    Customer rolled back their changes and it started completing the SSL Handshake.

    The reason there's such a large number of ciphers in the Client Hello is because the cipher list is set to DEFAULT, which obviously covers a large number of possible ciphers.

    Hopefully upgrading from 11.4.1 to 11.6 will fix the issue once the customer makes the change again.

    Thanks again