server side ssl - handshake error

Question

Using fastl4 - server works as expected.                                                         &nbsp;
Using standard 443- 8443 with no offload-server works as expected.                               &nbsp;
Using standard 443-8443 - with SSLoffload - fails on the serverside.                             &nbsp;
S&gt;C  HandshakeError: short handshake length: expected 27322 got 16380      &nbsp;
S&gt;C  HandshakeError: short handshake length: expected 394069 got 10942       
&nbsp;

rxbauer_80267 · Answer

Using fastl4 - server works as expected.                                                         &nbsp;
Using standard 443- 8443 with no offload-server works as expected.                               &nbsp;
Using standard 443-8443 - with SSLoffload - fails on the serverside.                               
&nbsp;

New TCP connection 3: 172.16.33.170(8503) &lt;-&gt; 172.16.61.240(8443)
3 1  0.0015 (0.0015)  C&gt;S  Handshake
ClientHello
Version 3.3
cipher suites
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
compression methods
NULL
extensions
supported_groups
ec_point_formats
signature_algorithms
extended_master_secret
3 2  0.0021 (0.0005)  S&gt;C  Handshake
ServerHello
Version 3.3
session_id[32]=
63 01 f6 ce 06 8f 44 aa 46 4b d7 45 d2 90 8f 36
4c 49 ad f9 81 32 b4 ba 85 f1 c5 df 2c 3f e5 7e
cipherSuite         TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
compressionMethod                   NULL
extensions
renegotiation_info
ec_point_formats
3 3  0.0036 (0.0014)  S&gt;C  Handshake
Certificate
3 4  0.0036 (0.0000)  S&gt;C  Handshake
ServerKeyExchange
3 5  0.0049 (0.0013)  S&gt;C  HandshakeError: short handshake length: expected 27322 got 16380
3 6  0.0057 (0.0008)  S&gt;C  HandshakeError: short handshake length: expected 394069 got 10942
3 7  0.0066 (0.0008)  C&gt;S  Alert
level           fatal
value           handshake_failure
3    0.0067 (0.0001)  C&gt;S  TCP RST

m_2 · Answer

Did you try attaching both clientssl and serverssl (since 8443 looks like ssl port) profiles to the virtual ?
if still issue persist you may try checking server side ciphers.&nbsp;

ganesanpakkirisamy · Answer

i am also facing the same issue in our environment. can you please share how you fixed this issue, Thanks in advance.

Forum Discussion

server side ssl - handshake error

3 Replies

Recent Discussions

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

After applied ASM Policy to Virtual Server, connections will reset with Internal error in log

Restricting number of concurrent TLS handshakes using Max Active Handshakes on BIG-IP

Insufficient permissions BIG-IQ login error

HTTPS - Monitor SSL Handshake

SSL handshake failed