SSL Handshake errors - no additional information in ltm log - v13.1.3.5

Salmander
Nimbostratus

Hi. I need to troubleshoot some SSL Handshake errors, and I understood that additional logging should already be available in the LTM log, but it is not on my v13.1.3.5 LTM-VE. I have tried changing the log.ssl.level value to Debug but it has no effect. I want to understand what cipher the external client is sending in with, as our ciphers for this SSL Profile:Client is set to DEFAULT.

 

Please can anyone advise?

3 REPLIES

Hi Salmander,

 

Can you try this iRule?

when HTTP_REQUEST {
    log local0. "Cipher=[SSL::cipher name] - Version=[SSL::cipher version] - Bits=[SSL::cipher bits]"
}

 

Thanks for the reply. That works well for traffic which is successfully processed by the F5 but does not appear to work for traffic that is reported by the "SSL Handshake failed for TCP" issue.

 

I have added Source IP Address=[IP::client_addr]:[TCP::client_port] to your iRule so the source IP address and source port are reported in the log, but the iRule does not appear to be run for the traffic that has the SSL Handshake error, as verified by the source IP address/port details.

Lidev
MVP

Hi Salmander,

 

You can use SSLDump to troubleshoot your SSL Handshake issue.

  • https://support.f5.com/csp/article/K10209
  • https://support.f5.com/csp/article/K15292

 

Regards
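
Added example, not part of the thread and not F5 code: the cipher list a client offers travels in the TLS ClientHello, which is sent before any HTTP request exists and is the message a packet capture or ssldump decode shows for a failed handshake. This Python parser extracts the offered version and cipher suites from one ClientHello record; the suite-name table is a small subset of the IANA registry and the sample bytes are constructed.

```python
import struct

# Small subset of IANA cipher-suite names; unknown IDs are shown in hex.
SUITE_NAMES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Return the version and cipher suites offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                       # 22 = handshake record
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4 or body[0] != 1:   # 1 = ClientHello
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    try:
        client_ver = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                      # skip version and client random
        pos += 1 + hello[pos]             # skip session id
        (suites_len,) = struct.unpack("!H", hello[pos:pos + 2])
        raw = hello[pos + 2:pos + 2 + suites_len]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != suites_len or suites_len % 2:
        raise ValueError("bad cipher suite list")
    ids = struct.unpack("!%dH" % (suites_len // 2), raw)
    return {
        "version": VERSIONS.get(client_ver, hex(client_ver)),
        "suites": [SUITE_NAMES.get(i, "0x%04X" % i) for i in ids],
    }

# Constructed sample: a TLSv1.2 ClientHello offering three suites, no extensions.
_hello = (bytes.fromhex("0303") + bytes(32) + b"\x00"
          + bytes.fromhex("0006" "c02f" "0035" "1301") + b"\x01\x00")
SAMPLE = (b"\x16\x03\x01" + struct.pack("!H", len(_hello) + 4)
          + b"\x01" + len(_hello).to_bytes(3, "big") + _hello)

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```

Comparing the returned suite list with the ciphers enabled on the Client SSL profile shows whether the two sides have any suite in common.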