Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

SSL Handshake errors - no additional information in ltm log - v13.1.3.5

Salmander
Nimbostratus
Nimbostratus

‎30-Sep-2020 07:28

Hi. I need to troubleshoot some SSL Handshake errors and I understood that additional logging should already be available in the LTM log but it is not on my v13.1.3.5 LTM-VE. I have tried changing the log.ssl.level value to Debug but it has no effect. I want to understand what cipher the external client is sending in with as our ciphers for this SSL Profile:Client is set to DEFAULT

 

Please can anyone advise?

Labels:
0 Kudos
3 REPLIES 3

Enes_Afsin_Al
MVP
MVP

‎30-Sep-2020 08:15 - last edited on ‎04-Jun-2023 21:16 by Fog

Hi Salmander,

Can you try this iRule?

when HTTP_REQUEST {
	log local0. "Cipher=[SSL::cipher name] - Version=[SSL::cipher version] - Bits=[SSL::cipher bits]"
}
0 Kudos

Salmander
Nimbostratus
Nimbostratus
In response to Enes_Afsin_Al

‎30-Sep-2020 09:13

Thanks for the reply. That works well for traffic which is successfully processed by the F5 but does not appear to work for traffic that is reported by the "SSL Handshake failed for TCP" issue.

 

I have added Source IP Address=[IP::client_addr]:[TCP::client_port] to your iRule so the source IP address and source port is reported in the log, but the iRule does not appear to be run for the traffic that has the SSL Handshake error by verifying the source IP address/port details

0 Kudos

Lidev
MVP
MVP

‎01-Oct-2020 02:05

Hi Salmander,

 

You can use SSLDump to troubleshoot your SSL Handshake issue.

  • https://support.f5.com/csp/article/K10209
  • https://support.f5.com/csp/article/K15292

 

Regards

 

0 Kudos
Copyright © 2023 Khoros, LLC