Forum Discussion
>> If far end server doesn't have ciphers which we support, do we get 'Server Hello' or we get RST? I just got confirmed with server team that same certificate is installed on server for 4 Apps. HTTPS connections working for other HTTPS communications. But not for F5 HTTPS monitor.
>> If I change the monitor to TCP, it works, URL is accessible via HTTPS. It's just that F5 HTTPS monitor not working.
Suggestions to check further are welcome.
On my mobile again. You're confusing ciphers with certificates.
Very simplified, but think of it as certificates being the secrets and the ciphers as the method of how these secrets are exchanged and how they're encrypted.
Thus servers can use the same certificates but use different ways of handling the key exchange.
You're using an old version of TMOS and you need to figure out why the server does not accept your TLS handshake.
The best way to do that would be to check these things:
- Which cipher suite is the server using?
- Does it depend on SNI?
You can see at least one of the server ciphers by doing the following:
- Set the monitor to TCP
- Determine at least one cipher by capturing the session or by using the script that this clever guy wrote: https://superuser.com/questions/109213/how-do-i-list-the-ssl-tls-cipher-suites-a-particular-website-offers
Again, you're running an old version and a quick Googling told me that SNI support did not come until v13.
Good luck with the cipher hunt. Looking forward to the solution to this mystery!
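For the "capturing the session" step above, an added example (not part of the original thread): a Python parser that pulls the offered cipher suites and the SNI host name out of a captured ClientHello record, so they can be compared with what the server accepts. The ClientHello bytes, the host name `app.example.test`, the server suite list and all function names are constructed for illustration.

```python
import struct

def build_client_hello(suites, sni=None):
    """Build a minimal ClientHello record (constructed sample input, not a capture)."""
    ext = b""
    if sni is not None:
        name = sni.encode()
        entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
        body = struct.pack("!H", len(entry)) + entry           # server_name_list
        ext = struct.pack("!HH", 0, len(body)) + body          # extension type 0 = SNI
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"                 # version, random, empty session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00"   # suites, null compression
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello       # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # record type 22 = handshake

def parse_client_hello(rec):
    """Return (offered cipher suite ids, SNI host name or None)."""
    if len(rec) < 44 or rec[0] != 0x16 or rec[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    p = 9 + 2 + 32                      # record + handshake headers, version, random
    p += 1 + rec[p]                     # session id
    (n,) = struct.unpack_from("!H", rec, p)
    suites = [struct.unpack_from("!H", rec, p + 2 + i)[0] for i in range(0, n, 2)]
    p += 2 + n
    p += 1 + rec[p]                     # compression methods
    sni = None
    if p + 2 <= len(rec):               # the extensions block is optional
        end = p + 2 + struct.unpack_from("!H", rec, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", rec, p)
            p += 4
            if etype == 0 and elen >= 5:
                (nlen,) = struct.unpack_from("!H", rec, p + 3)
                sni = rec[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    return suites, sni

def diagnose(rec, server_suites, server_needs_sni):
    """Compare a ClientHello with what the operator knows the server accepts."""
    suites, sni = parse_client_hello(rec)
    problems = []
    if not set(suites) & set(server_suites):
        problems.append("no shared cipher suite")
    if server_needs_sni and sni is None:
        problems.append("ClientHello carries no SNI")
    return problems
```

The parser expects the whole ClientHello in a single TLS record; a hello fragmented across several records is not handled.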
- Aug 27, 2022
Don't leave me hanging now. Any updates? 🙂
- Sep 09, 2022
Still waiting buddy. 🙂
/Patrik
- HM_U333, Sep 09, 2022, Cirrus
Sorry my friend. The above observation was sent to the IIS server team. They sent it to MS for analysis. Once I have an update I will provide it here. As of now it's a server-side issue, from what I understand.