cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

ssl handshake failure issue from loabalancer to the backend application server

Thiyagu
Altocumulus
Altocumulus

Hello All,

I'm finding ssl handshake failure issue from load balancer to the backend application server. We have different application server pool mapped to single Virtual server using irule.

 

Out of the different application server pool, for one of the server pool application servers are listening on port number 443.

 

Could you please suggest how to make the load balancer as a client for the successful handshake with the server?

 

I'm not able to configure the server side profile as the other servers are listening on http port.

 

Please suggest to fix the issue.

1 REPLY 1

eey0re
Cirrostratus
Cirrostratus

Do you mean one pool has servers which use TLS, but the other pool or pools don't?

 

In this case, you should attach a Server SSL profile to the Virtual Server, but disable it using the iRule that selects your pool, when required using the command: SSL::disable serverside

 

I don't know how your iRule decides on pools, but for example:

when HTTP_REQUEST { if { [HTTP::uri] starts_with "/nonhttpspool" }{ SSL::disable serverside pool nonhttps_pool } else { pool https_pool } }

Remember that without a OneConnect profile, only the first request of the connection can select the pool.