LTM Healt monitor decrypt ECDHE

Question

Is any method to decrypt LTM HealtMonitor from tcpdump that is using TLS1.2 and Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ?

iRule is not an option, because HealtMonitor is not traversing virtual server and act as a client to node Server.

ssldump does not support ECDHE session keys.

Server side tcpdump is not an option.

Certificate and private key from server side are available.

boneyard · Answer

the only way would be for the client (F5) or server (server) to output the session key.

for a health monitor im not aware of any way to make that happen, perhaps the server wants to?

my question is why? you can easily replicate the behaviour with a curl or openssl s_client from the big-ip, why does the health monitor traffic have to decrypted?

marg · Answer

Thank you for reply. Thats the case.&nbsp;cURL in F5 bash is working and converted to http healt monitor is not responding but that's another case

Forum Discussion

LTM Healt monitor decrypt ECDHE

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

F5 Distributed Cloud - Regional Decryption with Virtual Sites

Decrypting TLS traffic on BIG-IP