serverssl behavior in 11.4.x
We ran into an issue where the SSL handshake on the server side fails after updating the certificate on the server. Nothing changed on the LB. I'm aware of the serverssl profile behavior change with regard to the order of the TLS versions, but as I mentioned, the LB wasn't touched. That means it is already running v11.4.1 HF8 and everything was fine with the old certificate. After renewing it on the server, the server immediately sends an RST packet after the Client Hello. After we disabled TLS 1.2 with the "No TLS1.2" option in the serverssl profile (I assume using a cipher string like "DEFAULT:!TLSv1_2" would have the same effect), it was working again. So what sense does an order make if the second or third option will never be used when the first one fails? Maybe I'm totally wrong at the moment, but can someone explain the behavior to me in detail, or does anyone know the root cause of this issue?
Thank you!
Ciao Stefan :)