I'm trying to configure Proxy SSL for our company HTTPS website. I have imported the required certificate and private key in the Traffic Certificate Management section, created SSL client and server profiles, assigned the corresponding certificate and key that I imported, and checked Proxy SSL on both of these profiles. But when I assign these profiles to the virtual server, I get the following error in my browser (Firefox):
Secure Connection Failed
An error occurred during a connection to www.xyz.com. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
Also, I get the following messages in the /var/log/ltm file:
Aug 27 16:01:55 bigip1 err tmm2: 01260025:3: Cipher c014:3 negotiated is not supported by Proxy SSL configured in virtual server ...
Aug 27 16:01:55 bigip1 err tmm2: Connection error: ssl_hs_pxy_scan:14123: unavailable suite (47)
Aug 27 16:01:55 bigip1 warning tmm2: 01260013:4: SSL Handshake failed for TCP a.a.a.a:443 -> b.b.b.b:60013 (Server -> Self)
Aug 27 16:01:55 bigip1 warning tmm2: 01260013:4: SSL Handshake failed for TCP c.c.c.c:60013 -> d.d.d.d:443 (Client -> VIP)
This is the first time I want to do SSL Proxy and I think I misconfigured something in the settings.
What software version are you running? As per the below article, "SSL handshakes will fail when the client requests to use the TLS 1.1 or TLS 1.2 protocol through the Proxy SSL-enabled virtual server". This is an old software version, and that's why I'm asking about the current version used.
Also, please check the below article for the SSL cipher negotiation and recommendations sections:
Cipher C014 corresponds to TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.
ProxySSL only works with non-PFS ciphers (i.e. only ciphers with RSA handshakes). ProxySSL cannot be used with DH, DHE, ECC, or any TLS 1.3.
Can you elaborate on why you need to use ProxySSL?
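
Added example, not part of the original thread and not F5 code: a small triage script that pulls the cipher ID out of the 01260025 message quoted above, maps it to its IANA suite name, and reports whether its key exchange is static RSA, the only kind the reply above says ProxySSL supports. It assumes the hex token before the colon in "Cipher c014:3" is the IANA cipher suite ID, and the suite table is a small subset of the IANA registry chosen for illustration.

```python
import re

# Subset of the IANA TLS cipher suite registry (id -> name), for illustration.
IANA_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x1301: "TLS_AES_128_GCM_SHA256",  # TLS 1.3
}

# Matches the 01260025 message as it appears in the thread's log excerpt.
PROXY_SSL_ERR = re.compile(
    r"01260025:\d+: Cipher ([0-9a-fA-F]{4}):\d+ negotiated is not supported by Proxy SSL")

def key_exchange(name):
    """Derive the key exchange from the suite name."""
    if name.startswith("TLS_RSA_WITH_"):
        return "RSA"                      # static RSA, no forward secrecy
    if name.startswith(("TLS_ECDHE_", "TLS_DHE_")):
        return name.split("_")[1]         # ECDHE or DHE (ephemeral)
    return "TLS1.3"                       # TLS 1.3 suites are always ephemeral

def triage(log_text):
    """Return one finding per Proxy SSL cipher rejection in the log."""
    findings = []
    for line in log_text.splitlines():
        m = PROXY_SSL_ERR.search(line)
        if not m:
            continue
        suite_id = int(m.group(1), 16)
        name = IANA_SUITES.get(suite_id, "unknown")
        kx = key_exchange(name) if name != "unknown" else "unknown"
        findings.append({"id": f"0x{suite_id:04X}", "name": name,
                         "kx": kx, "proxy_ssl_ok": kx == "RSA"})
    return findings

def rsa_only_suites():
    """Suites from the table that use static RSA key exchange."""
    return sorted(n for n in IANA_SUITES.values() if key_exchange(n) == "RSA")

# Sample input: two lines copied from the log excerpt in the question.
SAMPLE_LOG = """\
Aug 27 16:01:55 bigip1 err tmm2: 01260025:3: Cipher c014:3 negotiated is not supported by Proxy SSL configured in virtual server ...
Aug 27 16:01:55 bigip1 warning tmm2: 01260013:4: SSL Handshake failed for TCP a.a.a.a:443 -> b.b.b.b:60013 (Server -> Self)
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
    print("Static-RSA suites in table:", rsa_only_suites())
```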