Server RST SSL connection from LTM but works without LTM for the same Cipher

Question

HI,&nbsp;
So the client hello from the LTM contains the cipher 0X009d and the client hello from ltm also contains the same cipher but the server at 10.223.42.112 RSTs it.&nbsp;
While when the user directly accesses the server without the ltm in between the same server accepts the cipher 0x009d.&nbsp;
Any ideas on why this happens, or any other reasons for the ssl handshake to fail?&nbsp;
Thanks.&nbsp;
&nbsp;
&nbsp;

amintej · Answer

Hello,&nbsp;
Did you compare the protocols in the Client Hello not only ciphers ? It seems TLS 1.2 is not being used in the failed Client Hello.&nbsp;

amintej · Answer

Hello, you can try also the next command,because maybe the server requires SNI. Servername option will set the header TLS-Server Name Indication, please replace domain.tld for the common name configured in the server certificate, and check this headers in the pcap capture when the client iniated the connection and when the LTM iniated:
 openssl s_client -connect domain.tld:443 -servername domain.tld

Forum Discussion

Server RST SSL connection from LTM but works without LTM for the same Cipher

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

pool members can't connect to another Virtual Server

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

F5 Connection Mirroring question

virtual server connection rate limit with tables

Virtual server connection limit with HTTP response