Forum Discussion
To me it looks like you're not using an f5-ansible module but the built-in ansible.builtin.raw module. Furthermore, the output looks more or less complete, as the error is the last thing that curl will print on failure.
You can try to use curl's --ciphers option to avoid this error (e.g. curl -vvvk --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' "https://{{VIP_IP[1]}}:{{VIP_PORT}}" ).
You can also consider using f5networks.f5_modules.bigip_command, as it is F5's way to execute commands.
But when we run this command directly on the F5 CLI, we get complete output.
- Blue_whale, Feb 10, 2022, Cirrocumulus
Thanks chrros95, the command below worked.
curl -vvvk --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' https://192.168.100.13:9443
- Blue_whale, Feb 10, 2022, Cirrocumulus
Can you please tell me what exactly --ciphers ' ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH' this command does?
- chrros95, Feb 14, 2022, Altostratus
With this command the ciphers that curl is allowed to use are selected. First all possible ciphers are selected (ALL) and then some weak ciphers (!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4) are excluded. By excluding all Diffie-Hellman ciphers (!DH) we address the issue that curl is mentioning. The last thing (@STRENGTH) is to sort the ciphers according to their strength.
For more information about building cipher strings, read, for example, https://www.openssl.org/docs/man1.0.2/man1/ciphers.html
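To check what the cipher string from the thread expands to on a particular machine, the following added example (not posted by anyone in the thread) uses Python's standard ssl module to ask the local OpenSSL for the resulting suite list and to show which suites the !DH rule removes. The comparison string without !DH is constructed for this example, and the output depends on the OpenSSL build Python is linked against.

```python
import ssl

# Cipher string quoted from the thread (leading space dropped; OpenSSL
# treats a space as a separator, so the meaning is unchanged).
THREAD = "ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:!DH:@STRENGTH"
# Same string without the !DH rule, constructed here for comparison only.
WITHOUT_NO_DH = THREAD.replace(":!DH", "")


def expand(cipher_string):
    """Return the suites the local OpenSSL selects, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # TLS 1.3 suites also appear in this list; OpenSSL configures them
    # separately, so the cipher string does not add or remove them.
    return ctx.get_ciphers()


def key_exchanges(cipher_string):
    """Distinct key-exchange types ('kea') left after applying the string."""
    return sorted({c["kea"] for c in expand(cipher_string)})


def removed_by_no_dh():
    """Suites present without !DH but absent from the thread's string."""
    kept = {c["name"] for c in expand(THREAD)}
    return [c for c in expand(WITHOUT_NO_DH) if c["name"] not in kept]


if __name__ == "__main__":
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    print("Key exchanges still allowed:", ", ".join(key_exchanges(THREAD)))
    print("Suites removed by !DH:")
    for c in removed_by_no_dh():
        print(f"  {c['name']:<32} {c['protocol']:<8} {c['kea']}")
    print("First five suites after @STRENGTH sorting:")
    for c in expand(THREAD)[:5]:
        print(f"  {c['name']:<32} {c['strength_bits']} bits")
```

On the command line, `openssl ciphers -v` followed by the quoted cipher string prints the same expansion.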
- chrros95, Feb 14, 2022, Altostratus
The raw command does what it says: it does it as raw as possible, so it's basically an ssh user@bigip curl -vvk "https://{{VIP_IP[1]}}:{{VIP_PORT}}". Maybe it's a missing environment variable or so. But as I can't reproduce it, I'm not completely sure.