Forum Discussion
still not working :(
- youssef1Jan 09, 2018Cumulonimbus
Hello,
Did you check the output logs? during your test... /var/log/ltm
You can add log in your irule: log local0. "cipher version: [SSL::cipher version]"
Regards,
- aboulleill_3013Jan 09, 2018Nimbostratus
Dear Youssef,
yes this what the logs are showing and its normal but seems the irule is not working.
Jan 9 11:49:55 f5-IB-1 info tmm3[20682]: 01260013:6: SSL Handshake failed for TCP 172.16.37.16%10:6368 -> 192.168.110.115%10:443 Jan 9 11:50:00 f5-IB-1 warning tmm3[20682]: 01260009:4: Connection error: ssl_hs_rxhello:7443: unsupported version (70) Jan 9 11:50:00 f5-IB-1 info tmm3[20682]: 01260013:6: SSL Handshake failed for TCP 172.16.37.16%10:6396 -> 192.168.110.115%10:443 Jan 9 11:50:05 f5-IB-1 warning tmm1[20682]: 01260009:4: Connection error: ssl_hs_rxhello:7443: unsupported version (70) Jan 9 11:50:05 f5-IB-1 info tmm1[20682]: 01260013:6: SSL Handshake failed for TCP 172.16.37.16%10:6405 -> 192.168.110.115%10:443
- youssef1Jan 09, 2018Cumulonimbus
Hi Aboulleill,
I think that your problem is not due to the Irule. You are blocked before Irule execution. It seems that your ssl handshake failed because you use an unsupported version (Protocol).
Can you confirm me that you don't set cert auth in you ssl client profil? What you set in "Ciphers" options in your client ssl profil?
And did you test access to your VS with another browser?
regars,
- aboulleill_3013Jan 09, 2018Nimbostratus
Dear Youssef,
Its working now :) it was set inside ssl client profile : ECDHE:!TLSv1:!3DES:!TLSv1_1:!SHA:!NONE But after returining back default ciphers the redirection works prefectly.
Thank you very much for your support.
Best Regards,
- youssef1Jan 09, 2018Cumulonimbus
Dear Aboulleill,
You're welcome!!!
Regards