F5 LTM version 12.1.2 HTTPS monitor uses TLSv1 - No Client and server SSL profile
I need a suggestion to fix the issue I'm facing.
Device details: Version 12.1.2, Build 1.0.271, Edition Hotfix HF1
1. No Client or Server SSL profile is associated with the 'Standard' VS.
2. Pool member is on port 443 and has an associated HTTPS monitor.
3. Ciphers - DEFAULT:+SHA:+3DES:+kEDH, and under 'Client Cert' and 'Client Key' I have tried using different SSL certs. Still the same error and the same issue in the pcap.
4. I'm seeing the F5 use the TLSv1 protocol for the 'Client Hello' in the PCAP, and the server is not responding with a 'Server Hello'; the server sends an RST message immediately.
OpenSSL and curl output is as below:
>> Used a.b.c.d for my pool member IP.
Command 1 - # openssl s_client -connect a.b.c.d:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 277 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Command 2: # curl -I https://a.b.c.d/ForwardSearchOrderSend.svc
curl: (35) Unknown SSL protocol error in connection to a.b.c.d:443
Command 3: # curl -Ivk https://a.b.c.d/ForwardSearchOrderSend.svc
* About to connect() to a.b.c.d port 443 (#0)
* Trying a.b.c.d... connected
* Connected to a.b.c.d (a.b.c.d) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to a.b.c.d:443
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to a.b.c.d:443
5. I have checked the articles below - still no use.
https://community.f5.com/t5/technical-forum/f5-health-monitor-suddenly-use-tlsv1/td-p/213711
6. When I checked with the server team about the server cert, they raised a question about F5 using 'TLS v1' for the 'Client Hello'.
7. The server has a Private Interface and a Public Interface. Via the Public Interface, an HTTP monitor is working for one application. We want to monitor a different app using HTTPS via the Private Interface.
Can someone suggest what's causing HTTPS to fail? As it's an old version and there is no SSL profile, I'm a bit confused.
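Added example, not part of the original post: a ClientHello carries a record-layer version and a separate client_version field (plus an optional supported_versions extension), so a "TLSv1" label in a capture can be checked against the handshake fields themselves. This Python sketch parses those fields from the raw bytes of one TLS record; the function names and the sample records are constructed for illustration.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def name(v):
    return VERSIONS.get(v, "0x%04x" % v)

def client_hello_versions(record: bytes) -> dict:
    """Return the version fields of one TLS record that holds a ClientHello."""
    if len(record) < 11:
        raise ValueError("too short for a TLS record with a ClientHello")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22 or record[5] != 1:      # 22 = handshake, 1 = ClientHello
        raise ValueError("not a handshake record carrying a ClientHello")
    body = record[9:5 + rec_len]           # skip the 4-byte handshake header
    hello_ver = struct.unpack("!H", body[:2])[0]
    pos = 2 + 32                           # client_version + random
    pos += 1 + body[pos]                   # session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                   # compression_methods
    offered = []
    if pos + 2 <= len(body):               # an extensions block is present
        ext_end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= ext_end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4])
            if etype == 43:                # supported_versions
                data = body[pos + 4:pos + 4 + elen]
                offered = [struct.unpack("!H", data[i:i + 2])[0]
                           for i in range(1, 1 + data[0], 2)]
            pos += 4 + elen
    return {"record": name(rec_ver), "client_version": name(hello_ver),
            "supported_versions": [name(v) for v in offered]}

def build_sample(rec_ver, hello_ver, exts=b""):
    """Constructed ClientHello: zero random, one cipher suite, null compression."""
    body = struct.pack("!H", hello_ver) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2) + b"\x00\x2f" + b"\x01\x00"
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(hs)) + hs

if __name__ == "__main__":
    # Record layer says TLSv1.0 while the handshake itself offers TLSv1.2.
    print(client_hello_versions(build_sample(0x0301, 0x0303)))
    # Both fields say TLSv1.0: the client really tops out at TLS 1.0.
    print(client_hello_versions(build_sample(0x0301, 0x0301)))
```

To use it on a real capture, pass the bytes of the TLS record (starting at content type 0x16) from the monitor's first packet after the TCP handshake.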