SSL serverside cipher mismatch

Question

In a hardware-based 10.2(+HF2) LTM installation, LTM cannot negotiate cipher with an IIS6 server (ssldump reports a TCP close sequence after client hello). &nbsp;
&nbsp;Default https monitor reports TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA cipher negotiated with IIS; openssl s_client negotiate also the same cipher. &nbsp;
&nbsp;The symptom persists even if modifying ciphers used (tmm --servercipher 'ALL', and in server-ssl profile - several variations tried, from ALL to 'DEFAULT:EDH'). The IIS server configuration can't be modified. Any suggestions regarding cipher matching would be appreciate - devcentral articles, posts, askf5 SOLs already screened.&nbsp;

hooleylist · Answer

Hi Andrei, 
&nbsp;  
&nbsp; Are you testing an issue with an HTTPS monitor or load balanced traffic through a VS or both?  Does the monitor succeed with TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA? 
&nbsp;  
&nbsp; Can you try using the insecure ciphers server SSL profile just to test? 
&nbsp;  
&nbsp; sol11624: Change in Behavior: The default BIG-IP SSL profiles no longer include DES-CBC-SHA and ciphers containing the MD5 hash 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11624.html 
&nbsp;  
&nbsp; sol11631: SSL ciphers used in the clientssl-insecure-compatible and serverssl-insecure-compatible SSL profiles 
&nbsp; http://support.f5.com/kb/en-us/solutions/public/11000/600/sol11631.html 
&nbsp;  
&nbsp; Aaron

andrei_popiste1 · Answer

Testing both (monitor &amp; vs): default https monitor using DEFAULT:+SHA:+3DES:+kEDH succeeds with TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, server-side SSL handshake of VS fails (SERVERSSL_HANDSHAKE event never reached, ssldump shows only client (f5) hellos followed by real server's  TCP FIN. 
&nbsp;  
&nbsp; In server SSL profile used for vs I tried several combinations: DEFAULT:+EDH, COMPAT, ALL - with ALL, only  
&nbsp;   TLS_DHE_RSA_WITH_AES_128_CBC_SHA 
&nbsp;   TLS_DHE_RSA_WITH_AES_256_CBC_SHA 
&nbsp;   TLS_DHE_RSA_WITH_DES_CBC_SHA 
&nbsp;   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 
&nbsp;   TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA 
&nbsp; are sent from f5 to server. I tried also the default serverssl-insecure-compatible. 
&nbsp;  
&nbsp; I wonder if default monitor is implemented using openssl libraries.

hooleylist · Answer

The monitoring daemon, bigd, probably does not use the native TMM SSL stack.  So I think you're right on it using the openssl ciphers.  I'm surprised that using COMPAT (openssl ciphers) in the client SSL profile wouldn't work if the monitor succeeds. 
&nbsp;  
&nbsp; It might be worth opening a support case on this as they'll be able to test directly with you.   
&nbsp;  
&nbsp; Aaron

andrei_popiste1 · Answer

Thank you for the promptitude of your answer. 
&nbsp;  
&nbsp; tmm --serverciphers 'COMPAT' | grep DHE returns only DHE-RSA-, not DHE-DSS-.  
&nbsp;  
&nbsp; Since I have no access to server, I suspect that real server's certificate was issued using stock Microsoft Base CSP not Microsoft RSA SChannnel Cryptographic Provider. 
&nbsp;  
&nbsp; Thank you for your time and support.

andrei_popiste1 · Answer

It was server's certificate, namely Public Key Algorithm - after regenerating the real server certificate using Microsoft RSA SChannnel Cryptographic Provider (not Microsoft Base Cryptographic Provider), SSL handshake was successful. No cipher selection in schannel was required. For restricting cipher suites on Microsoft servers, http://support.microsoft.com/kb/245030.

Forum Discussion

SSL serverside cipher mismatch

6 Replies

Recent Discussions

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

CGNAT with DS-lite and LSN

Related Content

Cipher suite mismatch advertisement/warning

SSL protocol mismatch

Serverside SNI injection iRule

Display a warning on client browser when cipher suite mismatch

behavior of SSL::disable serverside