Why would a https monitor send two different Clienthello versions to different VIP pool members on the same box?

Question

I have two different fastl4 VIPs that are configured identical except for the IPs &amp; pool members.  They both use a https monitor with cipherlist DEFAULT:+SHA:+3DES:+kEDH.  One monitor marks the member up by connecting with TLSv1.2 the other will not and only come up if server side is set to TLS.  When I ran an SSLDUMP, I noticed the one working sends ClientHello Version 3.3, but the one not working sends ClientHello Version 3.1.  They are both on the same device, running 11.5.3 build 2.104.196 HF2.  Why would two different ClientHello versions be sent to different servers?  Any assistance would be much appreciated.
Thanks,
Dave&nbsp;

david__pasch · Answer

This is due to the server already negotiating a lower version. At that point the F5 will start with the previously negotiated version. &nbsp;
To reset this, remove the monitor from the pool and then re-apply. &nbsp;
David Pasch&nbsp;

Forum Discussion

Why would a https monitor send two different Clienthello versions to different VIP pool members on the same box?

Recent Discussions

Need Urgent BIGIP Trial License and VM Image

APM for banner and cert

How to Renew F5 Device Certificate

UCS backup not loading Big IP DNS pool

XC Bot defense question

Related Content

Copper SFP Differences

Http monitor on different port

Different ways Financial Services Institutions can deploy NGINX in Azure

Persistent and Persistence, What's the Difference?

Difference between Ratio and Ratio Least Connection Load Balancing Method

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS