aandreyy_293459
Mar 21, 2018Nimbostratus
A Lot more failures after TLS1.0 disable
HI all
maybe someone had similar issue and can offer some work around. After disabling TLS1.0 for existing SSL profile i can see much more failures in statistic:
Failures
Premature Disconnects0
Handshake Failures49.1K
Renegotiations Rejected0
Fatal Alerts10.1K
in tcpdump i can see layer 2 problem (that is strange how SSL profile setting can effect that):
before LTM we have firewall with nat, believe need modify some L2 settings but in the same VLAN we still have profiles with TLS1.0 working and it has a lot less failures (~0.1% if we compare with all connections on profile). TLS1.0 disabled profiles has 15-20% failures if we compare with all connections to SSL profile.
thanks for any ideas