- nitass (Employee)
e.g.
    [root@ve11a:Active:Changes Pending] config tmm --clientciphers RC4+SHA+SSLv3+MEDIUM
         ID  SUITE    BITS  PROT  METHOD  CIPHER  MAC  KEYX
     0:   5  RC4-SHA  128   SSL3  Native  RC4     SHA  RSA
    [root@ve11a:Active:Changes Pending] config
- John_Ogle_45372 (Nimbostratus)
Nitass,
- drew_24552 (Nimbostratus)
Try the following:
DEFAULT:!ALL:RC4-SHA
Jason Rahm has a great series of articles on the SSL profiles. Check it out: https://devcentral.f5.com/tech-tips...her-suites
- John_Ogle_45372 (Nimbostratus)
Ok. I made a mistake. Two things:
- nitass (Employee)
TLS_RSA_WITH_3DES_EDE_CBC_SHA
can you try this?
    [root@ve11a:Active:Changes Pending] config tmsh list ltm monitor https myhttps
    ltm monitor https myhttps {
        cipherlist DES-CBC3-SHA
        compatibility enabled
        defaults-from https
        destination *:*
        interval 5
        send "GET /\\r\\n"
        time-until-up 0
        timeout 16
    }
    [root@ve11a:Active:Changes Pending] config ssldump -Aed -nni 0.0 host 200.200.200.101 and port 443
    New TCP connection 1: 200.200.200.11(34552) <-> 200.200.200.101(443)
    1 1  1373977265.0672 (0.0028)  C>SV3.1(80)  Handshake
          ClientHello
            Version 3.1
            random[32]=
              51 e5 3a b1 0e f7 75 f9 df 06 42 16 a8 bc 29 2c
              32 08 9c 53 9b b9 3e 1a e1 31 c5 87 f2 58 50 0f
            resume [32]=
              f7 8b d5 52 45 60 65 3e 0e f9 39 d5 58 82 4b 1c
              92 e0 93 7a f9 9e 49 21 1a 23 10 df 9d 4f ec c3
            cipher suites
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            Unknown value 0xff
            compression methods
              unknown value
                      NULL
    1 2  1373977265.0690 (0.0018)  S>CV3.1(81)  Handshake
          ServerHello
            Version 3.1
            random[32]=
              51 e5 3a 03 0e 9c 42 f5 0c 4e 6b d1 48 88 d5 dc
              e9 17 c3 df 7e 8c 20 21 4e d7 5f 64 5f 80 44 16
            session_id[32]=
              f7 8b d5 52 45 60 65 3e 0e f9 39 d5 58 82 4b 1c
              92 e0 93 7a f9 9e 49 21 1a 23 10 df 9d 4f ec c3
            cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
            compressionMethod                   unknown value
    1 3  1373977265.0690 (0.0000)  S>CV3.1(1)  ChangeCipherSpec
    1 4  1373977265.0690 (0.0000)  S>CV3.1(48)  Handshake
    1 5  1373977265.0707 (0.0016)  C>SV3.1(1)  ChangeCipherSpec
    1 6  1373977265.0707 (0.0000)  C>SV3.1(48)  Handshake
    1 7  1373977265.0707 (0.0000)  C>SV3.1(40)  application_data
    1 8  1373977265.0732 (0.0025)  S>CV3.1(104)  application_data
    1 9  1373977265.0732 (0.0000)  S>CV3.1(32)  Alert
    1    1373977265.0732 (0.0000)  S>C  TCP FIN
    1 10 1373977265.0742 (0.0009)  C>SV3.1(32)  Alert
    1    1373977265.0745 (0.0003)  C>S  TCP FIN
- John_Ogle_45372 (Nimbostratus)
Thank you! It looks like it is still failing. Please review the output of the working version using CURL and the failing https monitor. What could be different?
- nitass (Employee)
It seems bigd (health monitor) does not send SSLv3 only, even after adding !tls1 to the cipher list.
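
One way to compare a working and a failing handshake from ssldump text like the capture posted above, as an added example that is not part of the original thread. The sample input is constructed from that capture with the random and session bytes left out, and the function names `summarize_handshake` and `client_hello_is` are hypothetical; it assumes one handshake per input.

```python
import re

# Wire versions as ssldump prints them (major.minor).
VERSION_NAMES = {"3.0": "SSLv3", "3.1": "TLSv1.0", "3.2": "TLSv1.1", "3.3": "TLSv1.2"}
SUITE = re.compile(r"[A-Z0-9]+(_[A-Z0-9]+)+|0x[0-9a-f]+")  # suite name or unknown id

# Constructed sample: the thread's handshake without the random/session bytes.
SAMPLE = """
1 1  1373977265.0672 (0.0028)  C>SV3.1(80)  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xff
        compression methods
                  NULL
1 2  1373977265.0690 (0.0018)  S>CV3.1(81)  Handshake
      ServerHello
        Version 3.1
        cipherSuite         TLS_RSA_WITH_3DES_EDE_CBC_SHA
"""

def summarize_handshake(dump):
    """Extract hello versions and suites; tolerant of lost line breaks."""
    tokens = dump.split()
    out = {"client_max": None, "offered": [], "server_version": None, "chosen": None}
    side, collecting = None, False
    for i, tok in enumerate(tokens):
        nxt = tokens[i + 1] if i + 1 < len(tokens) else None
        if tok in ("ClientHello", "ServerHello"):
            side, collecting = tok, False
        elif tok == "Version" and side and nxt:
            key = "client_max" if side == "ClientHello" else "server_version"
            out[key] = VERSION_NAMES.get(nxt, nxt)
        elif tok == "suites" and side == "ClientHello":
            collecting = True            # "cipher suites" list starts here
        elif tok == "compression":
            collecting = False           # list ends at "compression methods"
        elif collecting and SUITE.fullmatch(tok):
            out["offered"].append(tok)
        elif tok == "cipherSuite" and side == "ServerHello" and nxt:
            out["chosen"] = nxt
    return out

def client_hello_is(summary, version_name):
    """True when the ClientHello advertised exactly this version."""
    return summary["client_max"] == version_name
```

Run against the monitor's capture and the curl capture in turn, the two summaries show directly whether the hello version or the offered suites differ.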