Vikky_193911
Nov 11, 2018

Pleasing the client with CIPHER?

Dear DevCentral people,

Can't find the proper CIPHER for clients connecting via TLS1.1 and TLS1.0 to prevent numerous handshake_failure alerts on VS:443. I can't control the clients; they are plain web browsers.

VS is configured with DEFAULT Cipher (latest v13.1).

ssldump shows the following cases for TLS v1.1 and then TLS v1.0:

    New TCP connection 145: CLIENT_1(59237) <-> LB_VS(443)
    145 1  0.0451 (0.0451)  C>S  Handshake
          ClientHello
            Version 3.2
            cipher suites
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_AES_256_CBC_SHA
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            Unknown value 0x5600
            compression methods
                      NULL
    145 2  0.0451 (0.0000)  S>C  Alert
        level           fatal
        value           handshake_failure
    145    0.0451 (0.0000)  S>C  TCP FIN
    145    0.0913 (0.0462)  C>S  TCP FIN
    New TCP connection 48: CLIENT_2(52795) <-> LB_VS(443)
    48 1  0.0512 (0.0512)  C>S  Handshake
          ClientHello
            Version 3.1
            cipher suites
            TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
            TLS_DHE_RSA_WITH_AES_256_CBC_SHA
            TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
            TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
            TLS_DHE_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_AES_256_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            TLS_EMPTY_RENEGOTIATION_INFO_SCSV
            Unknown value 0x5600
            compression methods
                      NULL
    48 2  0.0512 (0.0000)  S>C  Alert
        level           fatal
        value           handshake_failure
    48    0.0512 (0.0000)  S>C  TCP FIN
    48    0.1029 (0.0516)  C>S  TCP FIN

Is there any help with this?

While here -- how does BIG-IP count these under client-ssl statistics: as Handshake Failures or Fatal Alerts?

Thank you!

4 Replies

  • Let me just add that LB_VS does support "offered ciphers from the client". Here is what LB_VS:443 supports:

    PORT    STATE SERVICE        VERSION
    443/tcp open  ssl/http-proxy F5 BIG-IP load balancer http proxy
    |_http-server-header: BigIP
    | ssl-enum-ciphers: 
    |   TLSv1.0: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |     warnings: 
    |       Key exchange (dh 1024) of lower strength than certificate key
    |   TLSv1.1: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |     warnings: 
    |       Key exchange (dh 1024) of lower strength than certificate key
    |   TLSv1.2: 
    |     ciphers: 
    |       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
    |       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
    |       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A
    |       TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A
    |       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 1024) - A
    |       TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 1024) - A
    |     compressors: 
    |       NULL
    |     cipher preference: server
    |     warnings: 
    |       Key exchange (dh 1024) of lower strength than certificate key
    |_  least strength: A
    Service Info: Device: load balancer
    
  • Below is ssldump from BIG-IP; client offers TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA and there is the very same Cipher in DEFAULT and yet it is handshake_failure all the way.

    New TCP connection 559: CLIENT_3(42790) <-> LB_VS(443)
    559 1  0.0477 (0.0477)  C>S  Handshake
          ClientHello
            Version 3.1 
            cipher suites
              TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
              TLS_DHE_RSA_WITH_AES_256_CBC_SHA
              TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
              TLS_DHE_RSA_WITH_AES_128_CBC_SHA
              TLS_RSA_WITH_AES_256_CBC_SHA
              TLS_RSA_WITH_AES_128_CBC_SHA
              TLS_RSA_WITH_3DES_EDE_CBC_SHA
              TLS_FALLBACK_SCSV
            compression methods
                      NULL
            extensions
              renegotiation_info
              server_name
              extended_master_secret
              SessionTicket
              status_request
              Unknown extension (0x3374)
              signed_certificate_timestamp
              application_layer_protocol_negotiation
              Unknown extension (0x7550)
              ec_point_formats
              supported_groups
    559 2  0.0477 (0.0000)  S>C  Alert
        level           fatal
        value           handshake_failure
    559    0.0477 (0.0000)  S>C  TCP FIN
    559    0.0480 (0.0003)  C>S  TCP RST
    
    tmm --serverciphers 'DEFAULT' | grep ECDHE-ECDSA-AES256-SHA
    34: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1    Native  AES       SHA     ECDHE_ECDSA
    35: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.1  Native  AES       SHA     ECDHE_ECDSA
    36: 49162  ECDHE-ECDSA-AES256-SHA           256  TLS1.2  Native  AES       SHA     ECDHE_ECDSA
    37: 49188  ECDHE-ECDSA-AES256-SHA384        256  TLS1.2  Native  AES       SHA384  ECDHE_ECDSA
    
  • Enabling SSL debug shows only SSL Handshake failure, without more details:

    Nov 11 09:11:06 ltmmaster warning tmm1[19860]: 01260013:4: SSL Handshake failed for TCP CLIENT_4:58778 -> LB_VS:443
    

    Also, below is ssldump with -A flag revealing 559 2 0.0477 (0.0000) S>CV3.1(2) Alert:

    New TCP connection 559: CLIENT_4(42790) <-> LB_VS(443)
    559 1  0.0477 (0.0477)  C>SV3.1(158)  Handshake
          ClientHello
            Version 3.1 
            random[32]=
              a5 c2 b9 48 d0 91 af 1b d2 f9 2e 84 6a 74 fb 0b 
              73 12 72 14 81 75 75 ad 63 7b 72 1c c1 37 cd 0d 
            cipher suites
              TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
              TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
              TLS_DHE_RSA_WITH_AES_256_CBC_SHA
              TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
              TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
              TLS_DHE_RSA_WITH_AES_128_CBC_SHA
              TLS_RSA_WITH_AES_256_CBC_SHA
              TLS_RSA_WITH_AES_128_CBC_SHA
              TLS_RSA_WITH_3DES_EDE_CBC_SHA
              TLS_FALLBACK_SCSV
            compression methods
                      NULL
            extensions
              renegotiation_info
              server_name
              extended_master_secret
              SessionTicket
              status_request
              Unknown extension (0x3374)
              signed_certificate_timestamp
              application_layer_protocol_negotiation
              Unknown extension (0x7550)
              ec_point_formats
              supported_groups
    559 2  0.0477 (0.0000)  S>CV3.1(2)  Alert
        level           fatal
        value           handshake_failure
    559    0.0477 (0.0000)  S>C  TCP FIN
    559    0.0480 (0.0003)  C>S  TCP RST
    
  • Hi Vikky,

    Did you try momentarily setting your client-ssl to insecure, just to check which cipher will be selected?

    Regards
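
The comparison the first two replies make by eye, the suites a ClientHello offers in ssldump against the per-version list from nmap's ssl-enum-ciphers, can be scripted; the following is an added example, not code from the thread. It also separates signaling values from real ciphers: 0x5600, printed as "Unknown value" in the first dumps, is TLS_FALLBACK_SCSV (RFC 7507). The function names are hypothetical and the sample text is abbreviated from the output posted above.

```python
import re

# Sample input abbreviated from the thread (connection 48 and the TLSv1.0 block).
SSLDUMP = """\
        Version 3.1
        cipher suites
        TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
        TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
        TLS_RSA_WITH_AES_128_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_EMPTY_RENEGOTIATION_INFO_SCSV
        Unknown value 0x5600
        compression methods
"""
NMAP = """\
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
"""

WIRE_VERSION = {"3.1": "TLSv1.0", "3.2": "TLSv1.1", "3.3": "TLSv1.2"}
# 0x5600 is TLS_FALLBACK_SCSV (RFC 7507); some dumps print only the raw value.
RAW_SCSV = {"Unknown value 0x5600": "TLS_FALLBACK_SCSV"}

def parse_client_hello(text):
    """Return (version, offered suites in client order, signaling values)."""
    version = WIRE_VERSION[re.search(r"Version (\d\.\d)", text).group(1)]
    body = text.split("cipher suites", 1)[1].split("compression methods", 1)[0]
    entries = [line.strip() for line in body.splitlines() if line.strip()]
    signals = [RAW_SCSV.get(e, e) for e in entries
               if e in RAW_SCSV or e.endswith("_SCSV")]
    suites = [e for e in entries if e.startswith("TLS_") and not e.endswith("_SCSV")]
    return version, suites, signals

def parse_nmap(text):
    """Return {version: [suites in the order nmap lists them]}."""
    table, current = {}, None
    for line in text.splitlines():
        if m := re.match(r"\|\s+(TLSv[\d.]+):", line):
            current = table.setdefault(m.group(1), [])
        elif (m := re.match(r"\|\s+(TLS_\w+) \(", line)) and current is not None:
            current.append(m.group(1))
    return table

def negotiable(ssldump_text, nmap_text):
    """Suites both sides list for the hello's version, plus signaling values."""
    version, offered, signals = parse_client_hello(ssldump_text)
    server = parse_nmap(nmap_text).get(version, [])
    return version, [s for s in server if s in offered], signals
```

On this sample the overlap is the ECDHE_RSA and plain RSA suites, so the client and the virtual server do share ciphers at TLS 1.0. The ECDHE_ECDSA suite that the second reply finds in `DEFAULT` is not in the overlap, because the nmap listing contains no ECDSA suites.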