Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

Are you an expert?    Interested in presenting at F5 AppWorld 2024?    Submit a proposal by Nov 29th!

LTM Healt monitor decrypt ECDHE

MarG
Altostratus
Altostratus

‎17-Jun-2020 06:32

Is any method to decrypt LTM HealtMonitor from tcpdump that is using TLS1.2 and Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ?

iRule is not an option, because HealtMonitor is not traversing virtual server and act as a client to node Server.

ssldump does not support ECDHE session keys.

Server side tcpdump is not an option.

Certificate and private key from server side are available.

Labels:
2 REPLIES 2

boneyard
MVP
MVP

‎22-Jun-2020 10:28

the only way would be for the client (F5) or server (server) to output the session key.

 

for a health monitor im not aware of any way to make that happen, perhaps the server wants to?

 

my question is why? you can easily replicate the behaviour with a curl or openssl s_client from the big-ip, why does the health monitor traffic have to decrypted?

 

 

0 Kudos

MarG
Altostratus
Altostratus
In response to boneyard

‎23-Jun-2020 02:49

Thank you for reply. Thats the case.

 

cURL in F5 bash is working and converted to http healt monitor is not responding but that's another case

0 Kudos
Copyright © 2023 Khoros, LLC