F5 sending TCP resets to Client during Client-F5 SSL Handshake

Question

We have two clients trying to reach the same https URL which is a Virtual Server hosted on the F5 LTM. &nbsp;
Connection from one client to the destination server is complete through the F5.&nbsp;
However when the second client initiates a SSL communication to the LTM, the LTM responds with a TCP reset.&nbsp;
Cipher used is DEFAULT on the F5  
&nbsp;
When we took a SSL Dump we could see the below :&nbsp;
Working Client &nbsp;
C&gt;SV3.3(241)  Handshake  &nbsp;
 ClientHello  &nbsp;
        Version 3.3   &nbsp;
S&gt;CV3.1(74)  Handshake  &nbsp;
      ServerHello  &nbsp;
        Version 3.1     
&nbsp;
Non - Working Client &nbsp;
C&gt;SV3.3(267)  Handshake  &nbsp;
      ClientHello  &nbsp;
        Version 3.3   &nbsp;
S&gt;C  TCP RST     
&nbsp;
Need help to understand why one client is unable to connect when another connects on same F5 Virtual Server successfully.&nbsp;

nathe · Answer

Aditya,&nbsp;
What I can tell from the limited ssldump trace is both clients support tls1.2 (3.3) but the bigip downgrades to tls1.0 (3.1). I suspect the non working client doesn't support tls1.0.&nbsp;
This could be the version of the browser being used perhaps?&nbsp;
N&nbsp;

Forum Discussion

F5 sending TCP resets to Client during Client-F5 SSL Handshake

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

SSL Profiles Part 1: Handshakes

Overview of Trusted Client IP Headers in F5 Distributed Cloud Platform

TCP Internals: 3-way Handshake and Sequence Numbers Explained