Forum Discussion

aheinz's avatar
aheinz
Icon for Nimbostratus rankNimbostratus
Aug 14, 2020

Unknown SSL protocol error in connection to Node

Hi all,

 

we have a problem with certain LTM pools after migrating from SNI based monitors to SSL health monitor with SSL server profile included. The server name in the new health monitor and in the old SNI monitor are tthe same.The pool members are standard Azure Windows IIS servers and configured equally (as far as I know), listening on port 443. With the new health monitor active one pool member node is doing fine while the other is going down.

 

Using curl as a test on the Bigip shows me

 

...

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* Unknown SSL protocol error in connection to 10.254.8.16:443

* Closing connection 1

curl: (35) Unknown SSL protocol error in connection to 10.254.8.16:443

 

The working one shows me

 

...

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (OUT), TLS alert, Server hello (2):

* SSL certificate problem: unable to get local issuer certificate

* Closing connection 1

 

So we wonder what the difference between the SNI monitor and the "standard" one is. Hopefully someone will pick this up and give me a hint :-)

 

Thx!

 

best regards,

Alexander

No RepliesBe the first to reply