Forum Discussion

Nimbostratus

Mar 27, 2018

Combine SSL Handshake failed messages with cause

Hello, if an SSL Handshake fails the F5 LTM creates for example the following log entry info tmm1[11382]: 01260013:6: SSL Handshake failed for TCP S_IP:S_Port -> Dest_IP:Dest_Port and...

LTM

security

Stanislas_Piro2

Cumulonimbus

Mar 27, 2018

I am wondering what is the output of

[SSL::cipher name]

in CLIENTSSL_CLIENTHELLO event

In this event, the client send a list of ciphers, not only one.

same for the TLS version.

if the client support TLS 1.1, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.1 (0x0302)
if the client support TLS 1.2, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303)
if the client support TLS 1.3, the client send a TLS packet with version 1.0 (0x0301) with handshake version of 1.2 (0x0303) and with supported_version extension of 1.3 (0x0304 for approved TLS 1.3 client, 0x7FXX for TLS 1.3 draft compatible clients)

the output of

log local0.info " [IP::client_addr] [SSL::cipher name] [SSL::cipher version]"

should be interesting

Forum Discussion

Combine SSL Handshake failed messages with cause

Recent Discussions

snmp automatic stop mail send

BIG-IP DNS iRule issue with static variable

Using okta as SSO to login F5 GUI

(How) can I get two client certificates in one APM session?

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Related Content

FIX Message Response

SSL Profiles Part 1: Handshakes

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Modern APM Message Box

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP