Forum Discussion

pstavr's avatar
pstavr
Icon for Cirrus rankCirrus
Jan 24, 2020
Solved

F5 Server SSL Profile using TLS 1.0 instead of TLS 1.2

Hi   I have an F5 virtual server that does SSL inspection so it has a client ssl profile and a server ssl profile. The backend server is running on a Windows Server 2019 / IIS and it only accepts...
  • pstavr's avatar
    Jan 31, 2020

    Hi all.

     

    I found the root cause. The problem was related to the .NET app using SNI. By default the F5 doesn't do that.

    https://devcentral.f5.com/s/articles/ssl-profiles-part-7-server-name-indication

     

    So basically I just followed the fix in the above article, I defined a server name and the backend service started sending Server Hello etc. Everything works fine now!

     

    Thank you all for your responses, as quite a few of them were helpful on identifying that the issue is with the app, and I could also spot a few things that were not proper on the negotiation part.