NimbostratusThe 3 way handshake is not getting completed, the F5 keeps on sending resets. I have a VIP listening on 443, Auto-Map turned on, the back end is a Weblogic server. I have previously configured end-end SSL & it works with Apache. is there anything special setting required with Weblogic?
EmployeeHi, where is the 3 way handshake not getting completed? (Client side or server side) Are you using default crts?
NimbostratusServer Side, from F5 to the server there is a [SYN], then Server sends a [SYN, ACK] & now the F5 sends [RST].
Employee
Nimbostratusif you are seeing F5 [SYN], server [SYN-ACK], F5 [RST] on the server-side, the transaction isn't even making it to the SSL handshake. Are you sure that's the application traffic and not an F5 tcp-half-open monitor?
NimbostratusWont the tcp-half open monitor traffic come from the Shared-IP of the guest-vCMP? Based on the IP its not the monitor traffic.
NimbostratusNimbostratusI have taken tcp dump, I see resets in the captures, when I use firefox, it says 'Connection was reset'.
EmployeeNimbostratusYes. If I remove the client profile & sslserver profile, & instead go to https://abc.xyz.com:7000 it works. since I am not offloading on the F5.
NimbostratusYes. If I remove the client profile & sslserver profile, & instead go to https://abc.xyz.com:7000 it works. since I am not offloading on the F5.
EmployeeNimbostratuscan you post the VS configuration and the ssl-profile configurations?
you might try assigning the server-ssl profile "serverssl-insecure-compatible". Although, as I mentioned earlier, if you see that the server-side TCP 3-way handshake being reset before the SSL handshake occurs, then the server-side SSL handshake should make no difference.