Forum Discussion

Anil_Gupta_01_1
Apr 22, 2015

HTTPS monitoring failing

Dear All,

We are facing an issue with HTTPS monitoring.

F5 is load balancing and monitoring some of the servers on which SSL was disabled (last week) and only TLS 1_2 version is enabled.

Since SSL is disabled on the server, F5 monitoring is failing.

Please let me know how to create an HTTPS monitoring parameter for monitoring a TLS1_2 version enabled server.

Regards, Anil

13 Replies

  • You will need to configure the Cipher List in the monitor properties.

    See this DevCentral thread: Ciphers

  • Hi, if you need an SNI connection, maybe you need an external monitor.

  • Hi Anil, I agree with Cjunior's comments. Please enable an external monitor on your pool member.

    Or configure the cipher below. Go to Profile --> SSL --> ClientSSL --> click on the SSL profile --> cipher (paste the below and try): !SSLv2:!EXPORT:!DH:RSA+RC4:RSA+AES:RSA+DES:RSA+3DES:ECDHE+AES:ECDHE+3DES:@STRENGTH

    Hope it will work for you. Please let me know if you have any questions.

    • Anil_Gupta_01_1
      Can you please tell me how it will work without applying this profile to monitoring? How do I assign the created SSL profile to HTTPS monitoring?
  • What version are you using? Health monitors support TLS 1.2 in 11.5.

    • Remco
      Hi Nitass, you state that health monitors support TLS 1.2 in 11.5. Does this imply that TLS 1.2 is not supported in 11.4?
  • Hi Nitass,

    It is not working. I followed your post and configured the F5 monitor, but it is still failing.

    Please let me know an alternate way to solve the issue.

    • nitass
      You have to provide some detail. Did BIG-IP send a TLS 1.2 monitor? Was the connection reset? Who sent the reset first? What did you see from tcpdump/ssldump?
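
One way to answer the last reply's first question (did the monitor offer TLS 1.2?) from the raw ClientHello bytes in a capture. This is an added example, not part of the original thread and not F5 code. `parse_client_hello`, `build_hello` and both sample hellos are hypothetical names and constructed data. A server with only TLS 1.2 enabled rejects a hello whose version is below 0x0303, and a hello without the server_name extension carries no SNI.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def u16(buf, pos):
    return struct.unpack("!H", buf[pos:pos + 2])[0]

def parse_client_hello(record):
    """Report what one complete TLS ClientHello record offers: version, suites, SNI."""
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or len(body) < rec_len or body[:1] != b"\x01":
        raise ValueError("not a complete TLS ClientHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    version = u16(hello, 0)
    pos = 2 + 32                      # client_version + random
    pos += 1 + hello[pos]             # session_id
    n = u16(hello, pos)
    suites = [u16(hello, i) for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    pos += 1 + hello[pos]             # compression methods
    sni = None
    if pos + 2 <= len(hello):         # extensions are optional
        end = pos + 2 + u16(hello, pos)
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if etype == 0:            # server_name: list_len(2) type(1) len(2) name
                sni = hello[pos + 9:pos + 9 + u16(hello, pos + 7)].decode("ascii")
            pos += 4 + elen
    return {"offered": VERSIONS.get(version, hex(version)), "suites": suites,
            "sni": sni, "tls12": version >= 0x0303}

def build_hello(version, suites, sni=None):
    """Build a constructed sample record (test data, not a real capture)."""
    ext = b""
    if sni:
        name = struct.pack("!BH", 0, len(sni)) + sni.encode("ascii")
        data = struct.pack("!H", len(name)) + name
        ext = struct.pack("!HHH", len(data) + 4, 0, len(data)) + data
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + struct.pack("!H%dH" % len(suites), 2 * len(suites), *suites)
             + b"\x01\x00" + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, 0x0301, len(hs)) + hs

if __name__ == "__main__":
    print(parse_client_hello(build_hello(0x0301, [0x0005, 0x002F])))
    print(parse_client_hello(build_hello(0x0303, [0xC02F, 0x003C], "app.example.test")))
```

The input is the TLS record payload of the first packet the monitor sends to the pool member, taken from the tcpdump capture.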