Forum Discussion

Ganesh_Garg's avatar
Ganesh_Garg
Icon for Nimbostratus rankNimbostratus
May 03, 2016

Server SSL connection is not establishing

Hello All,

 

I have been facing a issue where I have one SSL application configured. I am using default client and server ssl profile. client side SSL connection is establishing, but in server side connection I am getting only 3-way handshake and push messages from self-IP, SSL handshake is not happening. however the monitor I have configured for that pool is HTTPS based, where I am fetching the same URL over some random port via SSL, which is working fine. Below is the decrypted Wireshark trace from LB: -

 

But when user is trying to access the application, I cannot see server side SSL handshake.

 

Any suggestions?

 

application delivery
LTM
TMSH

5 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    May 03, 2016

    Is this capture coming from the request or the monitor. And if the monitor is it marking the pool member down?

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    May 03, 2016

    Attached is the capture for client traffic.

     

    We don't have SSL handshake happened between server side traffic.

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    May 03, 2016

    I just checked secure handshakes/renegotiations for clientssl and serverssl. there are no SSL handshakes/renegotiations for serverssl. Below is the output.

     

    I have also tried changing Renegotiations setting from require strict to request, but no luck.

     

  • Ganesh_Garg's avatar
    Ganesh_Garg
    Icon for Nimbostratus rankNimbostratus
    May 04, 2016

    It seems that server side SSL handshake is failing due to "bad server public key, p or /and q."

     

    Below is the screenshot: -

     

    Any suggestion, how to resolve it?

     

    • IainThomson85_1's avatar
      IainThomson85_1
      Icon for Cumulonimbus rankCumulonimbus
      Jun 30, 2016
      If I've got your capture right - That looks like client (BigIP in this case) is closing the connection down - Due to an incorrect key being supplied by the server. The Server SSL profile - Are you using the same key/cert as client side ?