Client Hello TLS version issue in only one Pool Member.
We have a VIP of 1.1.1.1:443 and a pool with 2 pool members (1.1.1.10:443 and 1.1.1.20:443), currently running fine on an array load balancer.
We have encrypted sessions on both the client side and the server side.
The Android mobile application server is configured to allow only TLS 1.2 traffic.
As soon as traffic was shifted to our F5 device (LTM & ASM), we started facing the issue below, as viewed in Wireshark after a tcpdump.
F5 VIP 1.1.1.1:443 >TLS1.1>ClientHello> 1.1.1.10:443
1.1.1.10:443 >TCP_RST> 1.1.1.1:443
The application server is sending RST back to F5 because TLS 1.1 is not allowed.
F5 VIP 1.1.1.1:443 >TLS1.2>ClientHello> 1.1.1.20:443
The application server is accepting and traffic is processed successfully.
Due to the above issue, all user traffic is handled by only one server, and hence we are facing issues.
LB Method = Least Connection, Persistence = SourcePersistence, SSL Client & Server Profile, SNAT = Yes, map to VIP
I wanted to understand why F5 is sending a Client Hello of TLS 1.1 to the 1st pool member and TLS 1.2 to the 2nd pool member during the initial stage in the same pool.
Can anybody help me understand the exact issue faced here and provide a solution?
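A way to check from the tcpdump what each server-side ClientHello really offers, as an added example that is not part of the original post: a ClientHello carries a record-layer version and its own version field, which RFC 5246 allows to differ, plus an optional supported_versions extension. The function names and the sample bytes are constructed for illustration; feed `parse_client_hello` the raw TLS record bytes exported from the capture for each pool member.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_client_hello(rec: bytes) -> dict:
    """Parse one complete TLS record that holds an unfragmented ClientHello."""
    if len(rec) < 44:
        raise ValueError("truncated record")
    ctype, rec_ver, _ = struct.unpack("!BHH", rec[:5])
    if ctype != 22 or rec[5] != 1:
        raise ValueError("not a handshake/ClientHello record")
    hello_ver = struct.unpack("!H", rec[9:11])[0]
    pos = 43                                  # 5 record + 4 handshake + 2 version + 32 random
    pos += 1 + rec[pos]                       # skip session_id
    pos += 2 + struct.unpack("!H", rec[pos:pos + 2])[0]   # skip cipher_suites
    pos += 1 + rec[pos]                       # skip compression_methods
    supported = []
    if pos + 2 <= len(rec):                   # extensions block is optional
        end = pos + 2 + struct.unpack("!H", rec[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= min(end, len(rec)):
            etype, elen = struct.unpack("!HH", rec[pos:pos + 4])
            body = rec[pos + 4:pos + 4 + elen]
            if etype == 43 and body:          # supported_versions: 1-byte length, then 2-byte versions
                supported = [struct.unpack("!H", body[i:i + 2])[0]
                             for i in range(1, min(1 + body[0], len(body)) - 1, 2)]
            pos += 4 + elen
    # Ignore GREASE/unknown values when working out the highest version offered.
    highest = max([hello_ver] + [v for v in supported if v in NAMES])
    return {"record": NAMES.get(rec_ver, hex(rec_ver)),
            "client_hello": NAMES.get(hello_ver, hex(hello_ver)),
            "highest_offered": NAMES.get(highest, hex(highest))}

def build_sample(rec_ver: int, hello_ver: int, supported=()) -> bytes:
    """Constructed ClientHello for the demo (not taken from the poster's capture)."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"   # version, random, empty session_id
    body += struct.pack("!HH", 2, 0xC02F) + b"\x01\x00"         # one cipher suite, null compression
    if supported:
        sv = bytes([2 * len(supported)]) + b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HH", 43, len(sv)) + sv
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs

if __name__ == "__main__":
    for args in [(0x0302, 0x0302), (0x0301, 0x0303)]:
        print(parse_client_hello(build_sample(*args)))
```

Comparing the `client_hello` and `highest_offered` fields for the ClientHello sent to 1.1.1.10 against the one sent to 1.1.1.20 shows whether the two handshakes differ in what is offered or only in the record-layer field.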