Nath
Feb 23, 2017

SSL cipher exchange error

Hi, we are encountering an issue with SSL.

When we use the default client/server SSL the web is working, but when we use the certificate of the client it is not.

 

Here are the ciphers that the server is using: ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA

 

7 Replies

  • JG

    What was the error you were getting?

     

  • You should narrow down your troubleshooting to the clientside connection or the serverside connection. Take an SSL dump and see where the handshake is failing.

     

    If the handshake is failing on clientside, try comparing the default clientssl profile and the custom clientssl profile, it could be the certificate or the ciphers.

     

    If the handshake is complete till clientside and then server side is failing, you can be sure that it has to do with server ssl profile.

     

  • Nath

    Hi All. Seems that the error is on the clientside SSL. I've tried using clientssl-incompatible and serverSSL using the actual cert and it is working. But of course insecure on the browser.

     

    Any idea?

     

  • Nath

    Hi All, this is resolved. I've figured out that the Mode option was unchecked and that is the reason I am getting an error. After checking this option we can now access the website. :)