Random Handshake failed

Question

Hello,I know this problem has already been addressed in other posts but I don't find a solution to my problem. In a configuration with a VS running ssl decryption everything works correctly but sometimes in random mode and with increasing frequency depending on the amount of traffic I see failed handshakes coming in. The source addresses are part of an AWS CDN and randomly return this type of error while normally they seem to work correctly. I therefore exclude a certificate problem because otherwise it would not work at all. Any ideas where I can look for the cause?tmm3[11083]: 01260013:6: SSL Handshake failed for TCP 70.132.17.36:31720 -&gt; 10.xxx.xx.xxx:443

rosarra · Answer

Unfortunately, I think it is more complicated. I did a ssldump of the correct and failed connections.
It seems that at some point the connection is reset by the source and this is interpreted by F5 as Handshake failed. Probably because it happens during the certificate exchange phase. Is this possible?

See the ssldump here attached.

neeeewbie · Answer

I guess this problem relate to cipher suite&nbsp;
some device tried to ssl handshake with not cipher supported by F5&nbsp;

neeeewbie · Answer

you can see "cipherSuite Unknown value 0x9d"&nbsp;
could you change cipher list to "all" in ssl profile (client and server )?

Forum Discussion

Random Handshake failed

3 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

SSL handshake failed

SSL handshake failed

ssl handshake failed

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained