Forum Discussion

Nimbostratus

Jul 12, 2017

SSLv2 Compatible Client Hello - v10.2.4 - is it possible not to send this format in a monitor??

https://devcentral.f5.com/questions/1024-lotus-domino-web-server-sslv2-compatible-client-hello My query is essentially the same as the above, query 2). We've an LTM trying to monitor a pool of J...

application delivery

LTM

cofotony

Nimbostratus

Jul 13, 2017

In case anyone has the same issue, I found an answer eventually. There is a SSLv2Hello protocol that is disabled by default on newer software revisions. In my case it was Java 1.7 (whereas Java 1.6 it's enabled by default).So the LTM sends a sslv2 compatible hello, which in my case is a tls1.0 hello encapsulated in a sslv2 packet (or something along those lines) and unless the sslv2hello protocol is allowed this will be rejected. Even when we allowed sslv2 completely the hello was being rejected.

There are some details in the link below, but in case you don't have a login:

https://access.redhat.com/solutions/1254343

For example, on EAP 6: Raw or on EAP 7: Raw

Forum Discussion

SSLv2 Compatible Client Hello - v10.2.4 - is it possible not to send this format in a monitor??

Recent Discussions

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Azure DP-100 Exam Questions

Deploying F5 WAF in front of Azure Web App Services

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Related Content

Using Perl Compatible Regular Expressions (PCRE) in Protocol Inspection Custom Signatures

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

User roles per partition: are multiple possible?

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

Health monitor question