SSL issue between LTM and backend server
I have configured a VS with a client and a server SSL profile. When I have only the client SSL profile, the site works. But when I configure the server SSL profile and change the backend server to be monitored from HTTP to HTTPS, the site doesn't work and the HC also fails. The HC works when the tcp-443 health monitor is enabled, but the site doesn't work. In IE the error received is "page can't be displayed" and in FF "secure channel failed". Also, if I change the VS from standard to performance layer 4, the site works fine on HTTPS. HTTP works fine in both the standard and performance VS setups. I have converted the same certificate into PFX format to install on the backend Windows server (172.28.211.4). Also, curl and openssl from the LTM don't provide enough information about why the LTM is failing to establish an SSL connection with the server. I have tried most combinations of weak and strong ciphers, but no luck.

    [admin@BESEH070:Active:Changes Pending] ~ echo "Q" | openssl s_client -connect 172.28.211.4:443 -cipher '!SSLv2:!SSLv3:!MD5:!EXPORT:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RC4'
    CONNECTED(00000003)
    write:errno=104
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 105 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE

    [admin@BESEH070:Active:Changes Pending] ~ echo "Q" | openssl s_client -connect 172.28.211.4:443
    CONNECTED(00000003)
    write:errno=104
    no peer certificate available
    No client certificate CA names sent
    SSL handshake has read 0 bytes and written 305 bytes
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE

    curl -vk 172.28.211.4:443
    * About to connect() to 172.28.211.4 port 443 (0)
    * Trying 172.28.211.4... connected
    * Connected to 172.28.211.4 (172.28.211.4) port 443 (0)
    GET / HTTP/1.1
    User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.1j zlib/1.2.3 libidn/0.6.5
    Host: 172.28.211.4:443
    Accept: */*
    * Closing connection 0
    * Failure when receiving data from the peer
    curl: (56) Failure when receiving data from the peer
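
An added example, not part of the original post: a small Python parser that reads `openssl s_client` output like the transcripts above and reports how far the handshake got. The function names and stage labels are hypothetical, and errno 104 is assumed to be the Linux value for ECONNRESET.

```python
import re

LINUX_ECONNRESET = 104  # assumption: output comes from a Linux shell, as on the LTM

# Constructed sample: the second s_client run from the post, one field per line.
SAMPLE = """\
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
"""

def parse_s_client(text):
    """Pull out the fields that show how far the handshake progressed."""
    fields = {"tcp_connected": "CONNECTED(" in text,
              "errno": None, "read": None, "written": None, "cipher": None}
    m = re.search(r"errno=(\d+)", text)
    if m:
        fields["errno"] = int(m.group(1))
    m = re.search(r"SSL handshake has read (\d+) bytes and written (\d+) bytes", text)
    if m:
        fields["read"], fields["written"] = int(m.group(1)), int(m.group(2))
    m = re.search(r"Cipher is (\S+)", text)
    if m and m.group(1) != "(NONE)":
        fields["cipher"] = m.group(1)
    return fields

def handshake_stage(fields):
    """Hypothetical stage labels describing where the connection stopped."""
    if not fields["tcp_connected"]:
        return "no-tcp-connection"
    if fields["cipher"]:
        return "handshake-complete"
    if fields["read"] is None:
        return "unknown"  # summary line missing from the transcript
    if fields["read"] == 0:
        # The server returned no TLS bytes at all in reply to the ClientHello.
        if fields["errno"] == LINUX_ECONNRESET:
            return "reset-before-server-hello"
        return "no-server-response"
    return "failed-after-server-reply"

if __name__ == "__main__":
    info = parse_s_client(SAMPLE)
    print(info, "->", handshake_stage(info))
```
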