Forum Discussion

pjcampbell_7243's avatar
pjcampbell_7243
Icon for Cirrus rankCirrus
Feb 01, 2017

The underlying connection was closed: An unexpected error occurred on a receive

I have a 2008 IIS server with .NET1.1 framework client to another 2008 server through LTM Virtual server with SSL offloading.   Whenever the .NET client tries to talk to the Virtual I get a "The ...
application delivery
BIG-IP
LTM
  • pjcampbell_7243's avatar
    pjcampbell_7243
    Mar 02, 2017

    This was worked around by enabling the client ssl option "Don't insert empty fragments". Seems to have something to do with CBC ciphers

     

    Apparently this option is supposed to be enabled by default but on our system it is "options none" on the default client ssl profile. I suspect it has something to do with us maintaining the same config since v7 or v8 and upgrading on top over the years to v9 v10 and then v11.

     

    Interestingly with it breaking from v10 to v11. I still have old configs from our v10 setup and it's options none there also.... This doesn't seem to be a new option.

     

Patrik_Jonsson's avatar
Patrik_Jonsson
Icon for MVP rankMVP
Feb 02, 2017

This is one of those, "I wouldn't do it myself moments", but have you tried to use COMPAT as cipher string? It'll let you go as low as SSL2.

 

Also, have you verified that the client actually uses HTTPS? If the LB is doing offloading chances are that the server is not using any secure bindings? If you'd remove the profiles in that case it'd work while adding them would make the connection fail (as the client talks HTTP when the LB expects SSL initiation).

 

/Patrik