TCP RST instead of Server Hello during SSL Handshake
Hi All,
Been troubleshooting an issue with a customer after they made changes server side to disable SSLv2 and SSLv3 etc. and to only accept ciphers for TLS1.1 and TLS1.2.
By default they were using the standard default https monitor for their pool and post making changes server side (I don't have access) the node is now not coming up. HTTP is fine but HTTPS is a problem.
We're running BIG-IP 11.4.0 (Build 2434.0).
I'm wondering if he's only enabled ciphers which aren't available in the current version of BIG-IP we are using.
Here's the SSLDUMP (cipher set to ALL):
1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake
      ClientHello
        Version 3.1
        random[32]=
          56 1e 0a ea e4 11 03 df d1 77 92 83 da ec 1d 44
          21 65 c2 20 97 25 40 53 75 d6 e5 c2 6b 1d 96 65
        cipher suites
        TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        Unknown value 0x46
        Unknown value 0x45
        Unknown value 0x44
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DH_anon_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_DH_anon_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
        TLS_DH_anon_WITH_DES_CBC_SHA
        TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
        TLS_DH_anon_WITH_RC4_128_MD5
        TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        Unknown value 0xff
        compression methods
          unknown value
          NULL
1 - 1444809450.0884 (0.0004) S>C TCP RST
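
Added example, not part of the original post: a small Python check that reads a ClientHello as printed by ssldump and compares the highest protocol version and the cipher suites it offers with what a server accepts. The sample line is constructed by shortening the dump above; the server policy (`server_min`, `server_suites`) is an assumption taken from the post's description, since the real server configuration is not shown.

```python
import re

# SSL/TLS wire versions as printed by ssldump ("Version 3.1" is TLS 1.0).
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1.0", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}

# Constructed sample: the ClientHello from the post, with the random bytes
# and most of the cipher list cut for brevity.
SAMPLE = ("1 - 1444809450.0879 (0.0024) C>SV3.1(114) Handshake ClientHello "
          "Version 3.1 random[32]= 56 1e 0a ea cipher suites "
          "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA "
          "TLS_RSA_WITH_RC4_128_MD5 Unknown value 0xff "
          "compression methods unknown value NULL")

def parse_client_hello(text):
    """Return (highest offered version as a tuple, list of named suites)."""
    m = re.search(r"ClientHello\s+Version\s+(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no ClientHello found in ssldump text")
    version = (int(m.group(1)), int(m.group(2)))
    body = re.search(r"cipher suites(.*?)compression methods", text, re.S)
    suites = re.findall(r"\b(?:TLS|SSL)_\w+", body.group(1)) if body else []
    return version, suites

def check_offer(text, server_min, server_suites=None):
    """List the reasons a server with this policy could refuse the hello."""
    version, suites = parse_client_hello(text)
    problems = []
    if version < server_min:
        problems.append("client offers at most %s, server requires %s or later"
                        % (VERSIONS.get(version, version),
                           VERSIONS.get(server_min, server_min)))
    # server_suites is hypothetical: pass the server's list if it is known.
    if server_suites is not None and not set(suites) & set(server_suites):
        problems.append("no cipher suite in common")
    return problems

if __name__ == "__main__":
    # Assumed policy from the post: the server accepts TLS1.1 and TLS1.2 only.
    for problem in check_offer(SAMPLE, server_min=(3, 2)):
        print(problem)
```

The parser also accepts the multi-line form ssldump normally prints, because it matches on whitespace rather than on line layout.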