Vikash_Ramanla1
Jun 11, 2018 Nimbostratus
Logging more details when SSL handshake fails.
In our F5 setup we are using TLS 1.2 with mutual authentication. Our list of ciphers is limited to only those supported for TLS 1.2 in the clientssl profile. The issue is when a browser connects with version < TLS 1.2, we get an error logged "Connection error: ssl_hs_rxv2hello:8315: unsupported version (70)". Now, the error code indicates an unsupported protocol version.
Can the actual version requested be logged? Better yet, the cipher and version requested would be nice. If this cannot be logged, can some new SSL events be added so that we can log such information via iRules?
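
The version and cipher list the post asks about travel in clear text in the client's first handshake message, so they can be read from a packet capture of a failed connection. The following is an added example, not part of the original post and not F5 code; it assumes the first bytes sent by the client were captured, and the function and sample names are hypothetical.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def _result(fmt, version, raw, width):
    # Split the cipher block into fixed-width codes and render them as hex.
    codes = [int.from_bytes(raw[i:i + width], "big") for i in range(0, len(raw), width)]
    return {"format": fmt, "version": VERSIONS.get(version, hex(version)),
            "ciphers": [f"0x{c:0{width * 2}X}" for c in codes]}

def parse_client_hello(data: bytes) -> dict:
    """Decode the offered version and cipher codes from a client's first flight."""
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 2-byte length (high bit set), message type 1,
        # version, then cipher-spec, session-id and challenge lengths.
        version, spec_len = struct.unpack("!HH", data[3:7])
        specs = data[11:11 + spec_len]
        if len(specs) != spec_len or spec_len % 3:
            raise ValueError("truncated or malformed cipher specs")
        return _result("sslv2-compat", version, specs, 3)
    if len(data) >= 44 and data[0] == 0x16 and data[5] == 0x01:
        # TLS record (type 22) carrying a ClientHello (handshake type 1).
        # client_version follows the 5-byte record and 4-byte handshake headers.
        # For TLS 1.3 clients this is only the legacy version field.
        version = struct.unpack("!H", data[9:11])[0]
        off = 44 + data[43]                  # skip 32-byte random and session id
        if len(data) < off + 2:
            raise ValueError("truncated before cipher suites")
        cs_len = struct.unpack("!H", data[off:off + 2])[0]
        suites = data[off + 2:off + 2 + cs_len]
        if len(suites) != cs_len or cs_len % 2:
            raise ValueError("truncated or malformed cipher suites")
        return _result("tls-record", version, suites, 2)
    raise ValueError("not a ClientHello")

# Constructed samples (not captured traffic): an SSLv2-format hello offering
# TLS 1.0, and a TLS-record hello offering TLS 1.1.
SAMPLE_V2 = bytes.fromhex("801f01" "0301" "0006" "0000" "0010"
                          "00002f" "00000a") + bytes(16)
SAMPLE_TLS = (bytes.fromhex("160301002f" "0100002b" "0302") + bytes(32)
              + bytes.fromhex("00" "0004" "002f0035" "0100"))

if __name__ == "__main__":
    for name, blob in (("v2", SAMPLE_V2), ("tls", SAMPLE_TLS)):
        info = parse_client_hello(blob)
        print(f"{name}: format={info['format']} offered={info['version']} "
              f"ciphers={','.join(info['ciphers'])}")
```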