I'm developing an android application using React Native. While trying to call an API that sits behind f5 an error is being received and the following error appears in f5 logs: "SSL Handshake failed for TCP".
This is very confusing, since that error isn't being received from an IOS application or any browser, the API works perfectly fine and no error message appears.
After some research i ran accros the use of SSL pinning, it requires having the certificate and send it with the request. I used openssl to generate the cert.pem file and received the following error: "verify error:num=21 unable to verify the first certificate", searching that online resulted in answer indicating the server doesn't send the entire chain.
The certificate being used is a standard Digicert certificate.
@RealM From what I have seen in the past between mobile devices is some of them tend to send the request with a host field value of "example.com:443" instead of "example.com" and sometimes iRules and things such as this do not interpret those as the same string causing a failure without prompting you to accept that the SSL certificate doesn't match what you are sending. If the SSL chain is indeed the issue you can feed your FQDN to the following online tool and it will tell you if it chains out properly and rule out the possibility of that being the issue. You might take this opportunity to run a tcpdump on the F5 for your android user and see what that shows with the connection and where it gets to in the SSL handshake process.