Troubleshooting TLS Problems With ssldump
Introduction
Transport Layer Security (TLS) is used to secure network communications between two hosts. TLS largely replaced SSL (Secure Sockets Layer) starting in 1999, but many browsers still pr...
Published Oct 14, 2010
Version 1.0
George_Watkins_
Historic F5 Account
Joined September 17, 2008
Ajit
Jun 22, 2018
Altostratus
Hello George,
I am getting a fatal SSL handshake failure (40) right after the server hello message. I can see in Wireshark that the TLS protocol & ciphers are matching, so not sure what else it could be. The serverssl profile is failing and the party on the other side has Citrix NetScaler. We have F5 LTM at our end. Also, the Citrix NetScaler presents a wildcard cert to us. Could that be a problem for the F5?
New TCP connection 7: 10.104.41.138(56218) <-> 10.104.40.136(443)
7 1 1529673027.5089 (0.0001) C>SV3.1(121) Handshake
ClientHello
Version 3.3
random[32]=
46 f9 98 03 10 6c 14 84 4f 11 4e 81 f0 a0 92 dd
15 07 84 70 8c c4 94 c4 4d 2c ee 76 df d3 34 32
cipher suites
Unknown value 0xc02f
Unknown value 0xc030
Unknown value 0x9c
Unknown value 0x9d
Unknown value 0xc027
Unknown value 0xc028
Unknown value 0xc013
Unknown value 0xc014
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0xc012
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xff
compression methods
NULL
3 2 1529673027.5333 (0.0299) S>CV3.3(74) Handshake
ServerHello
Version 3.3
random[32]=
5b 2c f5 46 8d 5d 9a 7e 02 10 6e 1c 90 3f d6 02
cb 4c be 17 cb 7c 0c 1f 55 c8 77 fc bd 85 21 88
session_id[32]=
73 0d 48 68 8d da 73 e5 77 07 3a dc 47 a2 51 40
88 32 a2 3e d6 5c 3a 6b 4e dc c8 2c 28 d2 3c 27
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
3 3 1529673027.5333 (0.0000) C>SV3.3(2) Alert
level fatal
value handshake_failure
2 1529673027.5333 (0.0306) S>C TCP RST
3 1529673027.5334 (0.0000) C>S TCP RST
Please advise.
Regards,
Ajit
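Added example, not part of the original post or of ssldump: a small Python triage of a trace like the one above. It replaces the "Unknown value 0x.." cipher suite lines with their IANA names, checks that the suite in the ServerHello was among those the client offered, and reports which side sent each alert. The function name `triage` and the shortened sample are assumptions made for this illustration.

```python
import re

# IANA names for the code points the ssldump build in the post printed as "Unknown value".
IANA = {
    0xc02f: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xc030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x009c: "TLS_RSA_WITH_AES_128_GCM_SHA256", 0x009d: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xc027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", 0xc028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xc013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", 0xc014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xc012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", 0x00ff: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}

# Constructed sample: the trace from the post above, shortened (random bytes and most suites dropped).
SAMPLE = """\
7 1 1529673027.5089 (0.0001) C>SV3.1(121) Handshake
ClientHello
cipher suites
Unknown value 0xc02f
Unknown value 0x9d
TLS_RSA_WITH_AES_256_CBC_SHA
Unknown value 0xff
compression methods
3 2 1529673027.5333 (0.0299) S>CV3.3(74) Handshake
ServerHello
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
3 3 1529673027.5333 (0.0000) C>SV3.3(2) Alert
level fatal
value handshake_failure
"""

# Record header: "<conn> <seq> <time> (<delta>) C>S V3.3(len) <type>"; captures sender and type.
RECORD = re.compile(r"^\d+\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s*V\d\.\d\(\d+\)\s+(\w+)")

def triage(text):
    out = {"offered": [], "selected": None, "alerts": []}
    sender, kind, in_suites = None, None, False
    for line in (l.strip() for l in text.splitlines()):
        m = RECORD.match(line)
        if m:
            sender, kind, in_suites = m.group(1), m.group(2), False
        elif line in ("cipher suites", "compression methods"):
            in_suites = line == "cipher suites"
        elif in_suites:
            u = re.fullmatch(r"Unknown value (0x[0-9a-fA-F]+)", line)
            out["offered"].append(IANA.get(int(u.group(1), 16), line) if u else line)
        elif line.startswith("cipherSuite "):
            out["selected"] = line.split(None, 1)[1]
        elif kind == "Alert" and line.startswith("value "):
            out["alerts"].append(("client" if sender == "C" else "server", line[6:]))
    out["selected_was_offered"] = out["selected"] in out["offered"]
    return out
```

Run over the trace in the post, `triage` reports that the selected suite was in the client's offer and that the fatal `handshake_failure` alert travelled in the C>S direction.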