HTTPS monitor configuration and TLS on v10.2.4 HF10
Hi. We are trying to configure a health monitor to use TLSv1, TLSv1.1 & TLSv1.2 instead of SSLv3 but are having issues getting the monitor to respond. Using ssldump from the LTM command line shows a handshake failure as follows:
1 1 0.0020 (0.0020) C>S SSLv2 compatible client hello Version 3.1 cipher suites TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA Unknown value 0xff 1 2 0.0032 (0.0011) S>CV3.1(2) Alert level fatal value handshake_failure 1 0.0032 (0.0000) S>C TCP FIN 1 0.0041 (0.0009) C>S TCP FIN
I have read previous questions on the subject but they all appear to be for v11.x and we are running v10.2.4 HF10 on our load balancers. IF we change the server to listen on SSLv3 then the monitor comes straight up and ssldump reports a successful handshake.
Our monitor is a HTTPS monitor with a simple Send and Receive string configured and we have tried it with the default ciphers of "DEFAULT:+SHA:+3DES:+kEDH" or included TLS related ciphers without success.
Please can someone help?