cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Unknown SSL protocol error in connection to Node

aheinz
Nimbostratus
Nimbostratus

Hi all,

 

we have a problem with certain LTM pools after migrating from SNI based monitors to SSL health monitor with SSL server profile included. The server name in the new health monitor and in the old SNI monitor are tthe same.The pool members are standard Azure Windows IIS servers and configured equally (as far as I know), listening on port 443. With the new health monitor active one pool member node is doing fine while the other is going down.

 

Using curl as a test on the Bigip shows me

 

...

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* Unknown SSL protocol error in connection to 10.254.8.16:443

* Closing connection 1

curl: (35) Unknown SSL protocol error in connection to 10.254.8.16:443

 

The working one shows me

 

...

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (OUT), TLS alert, Server hello (2):

* SSL certificate problem: unable to get local issuer certificate

* Closing connection 1

 

So we wonder what the difference between the SNI monitor and the "standard" one is. Hopefully someone will pick this up and give me a hint 🙂

 

Thx!

 

best regards,

Alexander

0 REPLIES 0