Forum Discussion

jduke_350073
Feb 04, 2018

Short-lived tls connections with empty data

I have a setup to deliver syslog from an application (using iRules) to HSL, then to a virtual server which enables serverssl to encrypt the connection between the F5 HSL and a remote syslog server.

The setup works except that I observed an issue with constantly retried TCP/TLS connections between the encrypting virtual server (as a syslog client) and the remote syslog server. Even without any log coming from HSL, the encrypting VS simply attempts TCP/TLS, immediately followed by a TCP FIN, almost once every couple of seconds.

The encrypting virtual server uses the default TCP profile and serverssl profile. I thought a new connection should only be triggered by log data coming from HSL. Is this expected? Is there a way to allow a persistent TLS connection between the encrypting virtual server and the remote syslog server?

From ssldump:

New TCP connection 3: 10.0.0.14(49798) <-> 10.0.0.11(514)
3 1  1517783929.0667 (0.0014)  C>SV3.1(163)  Handshake
      ClientHello
        Version 3.3
        random[32]=
          c1 f4 69 0d 48 b8 58 cd ab a9 02 94 88 c9 5d 76
          61 04 4a db 29 0a 02 aa 18 ff ea 39 69 ca 65 e6
        cipher suites
        TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
        TLS_RSA_WITH_AES_128_GCM_SHA256
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA256
        TLS_RSA_WITH_AES_256_GCM_SHA384
        TLS_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_256_CBC_SHA256
        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
        TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
        TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
        TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
        TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        compression methods
                  NULL
3 2  1517783929.0682 (0.0015)  S>CV3.3(81)  Handshake
      ServerHello
        Version 3.3
        random[32]=
          cd ff 49 e6 d5 2d 25 74 a4 9d 44 f8 05 bf fc 0a
          bb 69 4d fe 5f fb 15 1e 11 66 ea 01 62 8c 9c 43
        session_id[32]=
          b1 d6 42 f9 3e 61 b4 65 4c ef 25 1b d2 5c d7 eb
          a5 56 24 38 98 86 51 ab f6 b2 53 cd 14 4a b5 0b
        cipherSuite         TLS_RSA_WITH_AES_128_GCM_SHA256
        compressionMethod                   NULL
3 3  1517783929.0682 (0.0000)  S>CV3.3(812)  Handshake
      Certificate
3 4  1517783929.0682 (0.0000)  S>CV3.3(4)  Handshake
      ServerHelloDone
3 5  1517783929.0695 (0.0012)  C>SV3.3(262)  Handshake
      ClientKeyExchange
3 6  1517783929.0695 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
3 7  1517783929.0695 (0.0000)  C>SV3.3(40)  Handshake
3 8  1517783929.0714 (0.0018)  S>CV3.3(1)  ChangeCipherSpec
3 9  1517783929.0714 (0.0000)  S>CV3.3(40)  Handshake
3 10 1517783929.0725 (0.0011)  C>SV3.3(26)  Alert
3    1517783929.0725 (0.0000)  C>S  TCP FIN
3    1517783929.0729 (0.0003)  S>C  TCP FIN

Thanks.

1 Reply

  • The connection looks to be closed because of the SSL alert message. What does the message say?

    Depending on how you did the iRule, it is possible that you open the HSL connection but never send log data. Can you post the iRule here?

    As you are using a virtual server in the HSL connection, you could use a OneConnect profile to keep the connection open to the server. However, I don't see any benefit in that for your case.
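To triage traces like the one in the question at scale, here is an added Python helper (not from the post, F5 or ssldump) that parses ssldump's text output and flags connections that completed the handshake but never carried an application_data record; the sample excerpt is constructed from the trace above, with a second connection invented for contrast.

```python
import re
from collections import defaultdict

# Constructed ssldump excerpt modelled on the trace in the post: connection 3 finishes
# the handshake, then the client sends a 26-byte Alert and FIN without any data record;
# connection 4 is invented for contrast and carries one application_data record.
SAMPLE = """\
New TCP connection 3: 10.0.0.14(49798) <-> 10.0.0.11(514)
3 1  1517783929.0667 (0.0014)  C>SV3.1(163)  Handshake
3 6  1517783929.0695 (0.0000)  C>SV3.3(1)  ChangeCipherSpec
3 7  1517783929.0695 (0.0000)  C>SV3.3(40)  Handshake
3 8  1517783929.0714 (0.0018)  S>CV3.3(1)  ChangeCipherSpec
3 9  1517783929.0714 (0.0000)  S>CV3.3(40)  Handshake
3 10 1517783929.0725 (0.0011)  C>SV3.3(26)  Alert
3    1517783929.0725 (0.0000)  C>S  TCP FIN
New TCP connection 4: 10.0.0.14(49800) <-> 10.0.0.11(514)
4 1  1517783930.1020 (0.0010)  C>SV3.3(1)  ChangeCipherSpec
4 2  1517783930.1030 (0.0010)  S>CV3.3(1)  ChangeCipherSpec
4 3  1517783930.2000 (0.0970)  C>SV3.3(152)  application_data
4    1517783930.5000 (0.3000)  C>S  TCP FIN
"""

RECORD = re.compile(r"^(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]V\d\.\d\((\d+)\)\s+(\w+)")
FIN = re.compile(r"^(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s+TCP FIN")

def analyze(dump):
    """Summarise each connection: handshake state, data bytes, alerts and who sent FIN."""
    conns = defaultdict(lambda: {"ccs": set(), "data_bytes": 0, "alerts": [], "fin_by": []})
    for line in dump.splitlines():
        if m := RECORD.match(line):
            cid, side, length, ctype = m.group(1), m.group(2), int(m.group(3)), m.group(4)
            c = conns[cid]
            if ctype == "ChangeCipherSpec":
                c["ccs"].add(side)
            elif ctype == "application_data":
                c["data_bytes"] += length
            elif ctype == "Alert":
                # Sent after the sender's own ChangeCipherSpec => encrypted; ssldump cannot
                # show the alert description without decrypting (26 = 8 nonce + 2 + 16 tag).
                c["alerts"].append((side, length, side in c["ccs"]))
        elif m := FIN.match(line):
            conns[m.group(1)]["fin_by"].append(m.group(2))
    for c in conns.values():
        c["handshake_complete"] = c["ccs"] == {"C", "S"}
        c["empty"] = c["handshake_complete"] and c["data_bytes"] == 0
    return dict(conns)

def empty_connections(dump):
    """IDs of connections that completed the handshake but carried no application data."""
    return sorted(cid for cid, c in analyze(dump).items() if c["empty"])
```

The client's Alert (record 10) follows its own ChangeCipherSpec, so it is encrypted, and its 26-byte length is exactly what a 2-byte alert costs under the negotiated AES-128-GCM suite (8-byte explicit nonce plus 16-byte tag); without decrypting the session, ssldump cannot show which alert it is.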