Yogeshf5Learn_3
Jul 24, 2018

TLS 1.2 Handshake Issue.

Hello. We had configured 8 pool members; the nodes were reachable but health checks were not happening. The F5 monitor daemon for SSL will start with a TLS1.2 handshake. If the server responds back and reports that it needs to downgrade to a lower TLS version (like TLS1) on the initial check, the daemon will then use that version from then on and not try TLS1.2 again. The application team changed the TLS version to TLS1.2 and disabled TLS1, which resulted in the new servers failing the monitor. The fix is to remove the monitor from the pool and add it back. Once that happens, it will start out with TLS1.2 and all was fine.

 

But this shouldn't have required a manual procedure to carry out, right? The LB should have negotiated the handshake procedure.

 
