Vikash_Ramanla1
Jun 11, 2018

Logging more details when SSL handshake fails.

In our F5 setup we are using TLS 1.2 with mutual authentication. Our list of ciphers is limited to only those supported for TLS 1.2 in the clientssl profile. The issue is when a browser connects with version < TLS 1.2, we get an error logged "Connection error: ssl_hs_rxv2hello:8315: unsupported version (70)". Now the error code indicates an unsupported protocol version.

 

Can the actual version requested be logged? Better yet, the cipher and version requested would be nice. If this cannot be logged, can some new SSL events be added so that we can log such information via iRules?
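Added example, not part of the original post and not F5 code: a Python parser that reads the version and cipher codes a client offered from the raw bytes of its ClientHello, in either the SSLv2-compatible hello format or the TLS record format. It assumes those bytes were captured off the wire (for example from a packet capture of the failing connection); the function names are hypothetical and the sample bytes are constructed.

```python
import struct

# Wire values of the protocol versions a ClientHello can name.
VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def _codes(blob: bytes, width: int) -> list:
    if len(blob) % width:
        raise ValueError("cipher list length is not a multiple of %d" % width)
    return [int.from_bytes(blob[i:i + width], "big") for i in range(0, len(blob), width)]

def parse_client_hello(data: bytes) -> dict:
    """Assumes `data` is the client's first flight as captured off the wire."""
    try:
        if data[0] & 0x80 and data[2] == 0x01:
            # SSLv2-compatible hello: 2-byte length, type, version, cipher-spec
            # length; the 3-byte cipher specs start at offset 11.
            ver, want = struct.unpack_from("!HH", data, 3)
            fmt, width, blob = "v2-compatible", 3, data[11:11 + want]
        elif data[0] == 0x16 and data[5] == 0x01:
            # TLS record header (5) + handshake header (4), then client_version.
            (ver,) = struct.unpack_from("!H", data, 9)
            pos = 11 + 32                       # skip the 32-byte random
            pos += 1 + data[pos]                # skip session_id
            (want,) = struct.unpack_from("!H", data, pos)
            fmt, width, blob = "tls-record", 2, data[pos + 2:pos + 2 + want]
        else:
            raise ValueError("not a ClientHello")
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    if len(blob) != want:
        raise ValueError("truncated cipher list")
    return {"format": fmt, "version": VERSIONS.get(ver, hex(ver)),
            "ciphers": _codes(blob, width)}

def sample_v2_hello() -> bytes:
    """Constructed sample: v2-compatible hello offering TLS 1.0, two ciphers."""
    body = (b"\x01" + struct.pack("!HHHH", 0x0301, 6, 0, 16)
            + bytes.fromhex("00002f00000a") + bytes(16))
    return struct.pack("!H", 0x8000 | len(body)) + body

def sample_tls_hello() -> bytes:
    """Constructed sample: TLS-record hello offering TLS 1.1, two ciphers."""
    body = (struct.pack("!H", 0x0302) + bytes(32) + b"\x00"
            + struct.pack("!H", 4) + bytes.fromhex("002f0035") + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for raw in (sample_v2_hello(), sample_tls_hello()):
        print(parse_client_hello(raw))
```

For the TLS record format, the version reported is the ClientHello's client_version field; extensions are not parsed.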