Forum Discussion
CirrusF5 LTM version 12.1.2 HTTPS monitor uses TLSv1 - No Client and server SSL profile
CirrusHello Patrick,
'Client hello' has same ciphers and Verson when compared with working and non-working. PFA snap. There are working HTTPS monitor. If you see previous snap, F5 Client Hello is via TLSv1. Why is that? There is no Server SSL profile, so In 12.1.2 version where can we control procol for SSL for HTTPS monitor?
Any suggestions?
Left-Non Working --- Right-Working.
Sorry for the short reply, I'm not by my PC. Working and not working above is two different servers and the f5 is the client right?
What I was requesting was a Server hello from the one that does not respond to the F5s monitors, but from another more modern client, like a Linux server with a newer version of curl.
This issue could also be missning SNI info in the F5 monitor requests. I'd focus on the server cipher settings and I'd also check if the server needs SNI To route requests to the correct service.
- HM_U333
>> Working and not working above is two different servers and the f5 is the client right?
--- Yes. 2 different pool member, same F5 client. Related to 2 different VIP. Both using HTTPS monitor.
>>This issue could also be missning SNI info in the F5 monitor requests. I'd focus on the server cipher settings and I'd also check if the server needs SNI To route requests to the correct service.
> Thanks for this, Im checking Ciphers. We dont have serverssl profile. How do we use SNI here?
