Forum Discussion
2 Replies
Hi,
Could you post the output of an ssldump?
Commands are: tcpdump -vvv -s 0 -nni any -w /var/tmp/www-ssl-client.cap host and port 443
ssldump -nr /var/tmp/www-ssl-client.cap
The SSL records printed by the ssldump utility appear similar to the following:
New TCP connection 2: 172.16.31.22(32866) <-> 192.168.1.8(8389) 2 1 0.0002 (0.0002) C>S Handshake ClientHello Version 3.0
Cheers,
Kees
- Stephane_ViauNimbostratus
Muhammad,
Is your client really old? Because if it is, it's possible that it only supports SSLv2. Closest I have to 11.5.4 is 11.6.0 and in this version client-insecure-compatible does not support SSLv2. So a client trying to connect with SSLv2 should be dropped by the Big-IP, although I'm not sure if it would match the error message that you see. If you want to try it, go into the client-insecure-compatible profile and make sure that SSLv2 is enabled (remove !SSLv2 from the cipher list).
Just be advised that this is not something that you want to do if your Virtual Server can be reached from a hostile network like the public Internet :)