ssl handshake issue

Are we talking about client side or server side? Are you authenticating client?

client side, nothing for client authentication..

 

thx

 

Take a look here, this specific error is mentioned and it gives you advice on how to troubleshoot further:

 

">https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html" target="_blank">">https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html

 

You probably did something like disabling SSLv3 then a client tried to do an ssl3 handshake:

 

This is actually the default behavior for the default ('DEFAULT') cipher ordering under 11.6.0 HF1 where I tested. I was using this command against a virtual server from the standby unit, forcing ssl3: openssl s_client -connect 172.24.76.79:443 -ssl3

 

SSL in debug does not give much detail but it is evident in captures:

 

Nov 24 19:50:19 drkraken debug tmm1[11366]: 01260009:7: Connection error: ssl_hs_rxhello:6147: unsupported version (40) Nov 24 19:50:19 drkraken info tmm1[11366]: 01260013:6: SSL Handshake failed for TCP 172.24.76.70:44545 -> 172.24.76.79:443

 

Capture shows the sslv3 handshake attempt and subsequent (error 40).

 

52014-11-24 19:53:36.519200172.24.76.7044195172.24.76.79443SSLv3304IN s1/tmm3 : Client Hello

 

62014-11-24 19:53:36.519233172.24.76.79443172.24.76.7044195SSLv3173OUT s1/tmm3 : Level: Fatal, Description: Handshake Failure)

 

Logically, I was able to get a successful handshake by enabling ssl3 explicitly on the client-ssl profile in use.

 

Cheers!