Hi all,sorry, I'm not an expert using F5 but I got a question for you.I'm using an iRule Proxy configured on a BIG-IP 13.1.1.Suddenly...and I don't know why, this proxy is still working but an antivirus agent provided me an error about handshake activation."2022-04-26 14:11:28.000000 [+0100]: [Error/1] | SSL_connect:failed in SSLv3 read server hello A | http\SSLContext.cpp:266:DsaCore::CSSLContext::SSLContextInfoCallback | 17F4:1B94:ActivateThread2022-04-26 14:11:28.000000 [+0100]: [Error/1] | CHTTPServer::HandshakeSSL(192.168.201.37:8081) - BIO_do_handshake() failed - peer closed connection. | http\HTTPServer.cpp:272:DsaCore::CHTTPServer::HandshakeSSL | 17F4:1B94:ActivateThread"Have you got any experience on a similar issue?What could I check?Thanks,TM.

No i can't see anything major either!I would either talk to f5 support, or trendmicro support to look at there logs.I can see connections, and http 200 so connections are happening. So where the error is and why has to be application side, or at least the information for why may be there!

it looks like its a failure in the handshake. SSLv3 is quite old this wouldn't be the web server or client using this has been updated to not use SSL but upto TLS1.2 or TLS1.3??Other than that, i'm stuck to!

Thank you mate.Yes, it is possible but...I cannot reconfigure my antivirus agent.The only solution for me is let to disable SSL inspection or https decryption or allow the agent to use SSLv3.Do you know how to do it?

It's not McAfee is it??? I recongise the Port number! (but others may use it as well - just a guess!)So where is this flow error coming from? AV to Virtual server? Or f5 to pool member?Where is 192.168.201.37:8081?? I'm guessing this is a f5 to pool member flow?So to remove the encryption you just need to remove the client and server SSL profiles from the virtual server.But there must be a way to check this, maybe even take a pcap of the flow and have a better look,Possible f5 support could look at the config and that pcap for you with more understanding of what those errors mean.

AV is TrendMicro 🙂I got some servers that are using BigIp proxy in order to contact a central console located in the cloud and not managed by me.192.168.201.37:8081 is the proxy address set in an iRule in Big IPhow can I do the checks you suggested me?

Proxy Handhsake failure

15 Replies

PSFletchTheTek
MVP
Apr 26, 2022
it looks like its a failure in the handshake. SSLv3 is quite old this wouldn't be the web server or client using this has been updated to not use SSL but upto TLS1.2 or TLS1.3??
Other than that, i'm stuck to!
- MadMick
  Nimbostratus
  Apr 26, 2022
  Thank you mate.
  Yes, it is possible but...I cannot reconfigure my antivirus agent.
  The only solution for me is let to disable SSL inspection or https decryption or allow the agent to use SSLv3.
  Do you know how to do it?
  - PSFletchTheTek
    MVP
    Apr 26, 2022
    It's not McAfee is it??? I recongise the Port number! (but others may use it as well - just a guess!)
    So where is this flow error coming from? AV to Virtual server? Or f5 to pool member?
    Where is 192.168.201.37:8081?? I'm guessing this is a f5 to pool member flow?
    So to remove the encryption you just need to remove the client and server SSL profiles from the virtual server.
    But there must be a way to check this, maybe even take a pcap of the flow and have a better look,
    Possible f5 support could look at the config and that pcap for you with more understanding of what those errors mean.
MadMick
Nimbostratus
Apr 26, 2022
AV is TrendMicro 🙂
I got some servers that are using BigIp proxy in order to contact a central console located in the cloud and not managed by me.
192.168.201.37:8081 is the proxy address set in an iRule in Big IP
how can I do the checks you suggested me?
MadMick
Nimbostratus
Jul 05, 2022
Hi guys,
one more time...thank you for you time and you help.
I solved the issue disabling and re-enabling the proxy virtual server.
The problem is that these solution worked for 1 week to now...and now I've done the same workaround.
Do you know what can be happened?
Maybe there is a kind of cache to clear?

thanks,
M.

Forum Discussion

Proxy Handhsake failure

15 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

SSL Forward Proxy – Certificate Error Graceful Failure

Integrating SSL Orchestrator with McAfee Web Gateway-Transparent Proxy

Monitoring Failure OAuth request

F5 TCP Proxy mode

Integrating SSL Orchestrator with CheckPoint Firewall VM-Explicit Proxy