HTTPS Monitor fails after changing TLS Version

kgaigl · ‎08-Dec-2021

Hello,

following problem:

we've some pools with https monitors like this:

send string:GET /some/pingservlet HTTP/1.0\r\n\r\n
receive string: 200 OK

no alias service port, no server ssl-profile

now the server admin changed on the server from apache with tls 1.0 to tomcat with tls 1.2

after that the monitor fails, but when I change on the pool the monitor to tcp or something like this, the server is up and now I change the monitor back to the original https monitor, the server is still up

when I check with curl -vk when the Server marks down i could still see "HTTP/1.1 200 OK"

Any idea, why the the monitor fails and after change and change back the monitor shows up?

Thank You

kgaigl · ‎09-Dec-2021

f***

I think I've found the cause:

https://cdn.f5.com/product/bugtracker/ID953601.html

View solution in original post

kgaigl · ‎08-Dec-2021

I forgot: Version is 14.1.4.4

kgaigl · ‎09-Dec-2021

f***

I think I've found the cause:

https://cdn.f5.com/product/bugtracker/ID953601.html

Karthick1 · ‎09-Dec-2021

Please add the http version 1.1 and host header in send sting keep receive string as same.

Example :

GET /some/pingservlet HTTP/1.1\r\nHost:* \r\nConnection: Close\r\n\r\n

or

GET /some/pingservlet HTTP/1.1\r\nHost:abc.com \r\nConnection: Close\r\n\r\n

kgaigl · ‎09-Dec-2021

thank you, but option 1 didn't mak it better, option 2 we can't use because we use one monitor for multiple pools

DevCentral

HTTPS Monitor fails after changing TLS Version

Khoros Kudos Award 2022