TLS 1.2 Handshake Issue.

Hello. We had configured a 8 pool members, nodes were reachable but health checks where not happening. The F5 monitor daemon for SSL will start with a TLS1.2 handshake. If the server responds back and reports that it needs to downgrade to a lower TLS version (like TLS1) on the initial check, the daemon will then use that version from then on and not try TLS1.2 again. The application team change the TLS version to TLS1.2 and disable TLS1 which resulted in the new severs failing the monitor.The fix is to remove the monitor from the pool and add it back. Once that happens, it will start out with TLS1.2 and all was fine.

 

But this shouldn't have required manual procedure to carry out, rgt? LB should have negotiated the handshake procedure.