Forum Discussion

Nimbostratus

Oct 14, 2015

TCP RST instead of Server Hello during SSL Handshake

Hi All, Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc and to only accept ciphers for TLS1.1 and TLS1.2 By default they wer...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Nimbostratus

Oct 15, 2015

Thanks Kevin,

The list of ciphers the customer set on their server were not compatible with the current version of Big-IP we are running.

Customer rolled back their changes and it started completing the SSL Handshake.

The reason there's such a large number of ciphers in the Client Hello is because the cipher list is set to DEFAULT which obviously covers a large number of possible ciphers.

Hopefully upgrading from 11.4.1 to 11.6 will fix the issue once the customer makes the change again.

Thanks again

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)