Forum Discussion

pjcampbell_7243's avatar
pjcampbell_7243
Icon for Cirrus rankCirrus
Feb 01, 2017

The underlying connection was closed: An unexpected error occurred on a receive

I have a 2008 IIS server with .NET1.1 framework client to another 2008 server through LTM Virtual server with SSL offloading.   Whenever the .NET client tries to talk to the Virtual I get a "The ...
application delivery
BIG-IP
LTM
  • pjcampbell_7243's avatar
    pjcampbell_7243
    Mar 02, 2017

    This was worked around by enabling the client ssl option "Don't insert empty fragments". Seems to have something to do with CBC ciphers

     

    Apparently this option is supposed to be enabled by default but on our system it is "options none" on the default client ssl profile. I suspect it has something to do with us maintaining the same config since v7 or v8 and upgrading on top over the years to v9 v10 and then v11.

     

    Interestingly with it breaking from v10 to v11. I still have old configs from our v10 setup and it's options none there also.... This doesn't seem to be a new option.

     

Vijay_E's avatar
Vijay_E
Icon for Cirrus rankCirrus
Feb 01, 2017

I am guessing the .NET server's SSL ciphers don't work with F5's default ciphers. I am thinking probably it has something to do with SSLv3 being un-supported in recent F5 code versions. You may have to change the cipher settings on the SSL profile to make sure that it is compatible with the .NET server. Also, check the F5 logs to see if you are seeing any specific SSL errors.

 

K17370 - F5 default ciphers for 12.x