Forum Discussion

MAbbas's avatar
MAbbas
Icon for Cirrus rankCirrus
Jul 03, 2018

ssl - handshake failing

Hi - i have a client soap application trying to connect -- and getting ssl handshake failure - f5 version is 12.1.2 -- and cipher setting is DEFAULT-- can you please help - Thanks ssldump New TCP connection 8: 148.9.210.204(55786) <-> 192.168.121.111(443) 8 1 0.1970 (0.1970) C>S Handshake ClientHello Version 3.3 cipher suites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL 8 2 0.1970 (0.0000) S>C Alert level fatal value handshake_failure 8 0.1970 (0.0000) S>C TCP FIN 8 0.3933 (0.1962) C>S TCP FIN

 

error in logs

 

Jul 3 11:08:36 F5-1 info tmm[18932]: 01260013:6: SSL Handshake failed for TCP 148.9.210.204:63168 -> 192.168.121.111:443 Jul 3 11:08:51 F5-1 warning tmm1[18932]: 01260009:4: Connection error: ssl_hs_rxhello:7462: name not available (112) Jul 3 11:08:51 F5-1 info tmm1[18932]: 01260013:6: SSL Handshake failed for TCP 148.9.210.204:55786 -> 192.168.121.111:443

 

i h

 

application delivery
BIG-IP
LTM

2 Replies

Sort By
  • MAbbas's avatar
    MAbbas
    Icon for Cirrus rankCirrus
    Jul 03, 2018

    Connection error: ssl_hs_rxhello:7462: name not available (112) -- what does this message mean ? its a bit un clear to me

     

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for MVP rankMVP
    Jul 03, 2018

    Can you share your clientssl profile details. Does it have SNI enabled.

     

    112 is the numeric identifier for the SSL error reason

     

    And according the Wiki TLS,

     

    112 Unrecognized name warning TLS only; client's Server Name Indicator specified a hostname not supported by the server.