Forum Discussion

Thiyagu's avatar
Thiyagu
Icon for Cirrus rankCirrus
Mar 15, 2021

ssl handshake failure issue from loabalancer to the backend application server

Hello All,

I'm finding ssl handshake failure issue from load balancer to the backend application server. We have different application server pool mapped to single Virtual server using irule.

 

Out of the different application server pool, for one of the server pool application servers are listening on port number 443.

 

Could you please suggest how to make the load balancer as a client for the successful handshake with the server?

 

I'm not able to configure the server side profile as the other servers are listening on http port.

 

Please suggest to fix the issue.

1 Reply

  • eey0re's avatar
    eey0re
    Icon for Cirrostratus rankCirrostratus

    Do you mean one pool has servers which use TLS, but the other pool or pools don't?

    In this case, you should attach a Server SSL profile to the Virtual Server, but disable it using the iRule that selects your pool, when required using the command: SSL::disable serverside

    I don't know how your iRule decides on pools, but for example:

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/nonhttpspool" }{
            SSL::disable serverside
            pool nonhttps_pool
        } else {
          pool https_pool
        }
    }

    Remember that without a OneConnect profile, only the first request of the connection can select the pool.