Forum Discussion

Nimbostratus

Oct 14, 2015

TCP RST instead of Server Hello during SSL Handshake

Hi All, Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc and to only accept ciphers for TLS1.1 and TLS1.2 By default they wer...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Nimbostratus

Oct 15, 2015

Thanks Kevin,

The list of ciphers the customer set on their server were not compatible with the current version of Big-IP we are running.

Customer rolled back their changes and it started completing the SSL Handshake.

The reason there's such a large number of ciphers in the Client Hello is because the cipher list is set to DEFAULT which obviously covers a large number of possible ciphers.

Hopefully upgrading from 11.4.1 to 11.6 will fix the issue once the customer makes the change again.

Thanks again

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

TCP RST instead of Server Hello during SSL Handshake

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Need help with SSL handshake failure and client certificates

server side ssl - handshake error

Server Side SSL Handshake Failures

SSL handshake Failures and Fatal Errors through MIB

SSL handshake errors

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS