How to identify if there is an SSL/TLS protocol mismatch between Client and F5 LTM?
1. Check the protocol version offered by the client in the “Client Hello” packet of a Wireshark capture
2. Check the SSL/TLS protocol version supported by the LTM for a particular VIP
- Run curl checks from a remote server, if possible:
curl -Ik https://site1.dc1.networkology.net --sslv2
curl -Ik https://site1.dc1.networkology.net --sslv3
curl -Ik https://site1.dc1.networkology.net --tlsv1
curl -Ik https://site1.dc1.networkology.net --tlsv1.0
curl -Ik https://site1.dc1.networkology.net --tlsv1.1
curl -Ik https://site1.dc1.networkology.net --tlsv1.2
- Check whether any protocol is negated in the ciphers under the client-ssl profile.
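The curl checks above can be scripted so that each request offers exactly one TLS version and the exit code is read as a verdict. This is an added example, not code from the original post: the function names are hypothetical, it assumes curl 7.54.0 or later (where each `--tlsv1.x` option sets only the minimum version and `--tls-max` caps the maximum), and it covers TLS 1.0 to 1.2 only.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumes curl 7.54.0 or later (for --tls-max).
# Usage after sourcing this file: probe_tls site1.dc1.networkology.net

# classify_rc RC: map a curl exit code to a verdict for one probe.
classify_rc() {
  case "$1" in
    0)      echo "accepted" ;;     # handshake and HTTP request completed
    35)     echo "rejected" ;;     # SSL connect error: the handshake failed
    6|7|28) echo "unreachable" ;;  # DNS, TCP connect or timeout: no TLS verdict
    *)      echo "error($1)" ;;    # anything else needs a manual look
  esac
}

# probe_tls HOST [VERSION...]: print "TLS <version>: <verdict>" per version.
# Defaults to the TLS versions the post checks (1.0, 1.1, 1.2).
probe_tls() {
  host=$1; shift
  [ "$#" -gt 0 ] || set -- 1.0 1.1 1.2
  for v in "$@"; do
    rc=0
    # --tlsv$v sets the minimum and --tls-max the maximum, so only $v is offered.
    curl -sIk -o /dev/null --connect-timeout 5 \
         "--tlsv$v" --tls-max "$v" "https://$host" || rc=$?
    echo "TLS $v: $(classify_rc "$rc")"
  done
}

# check_client HOST VERSION: compare the version seen in the client's
# Client Hello (step 1) with what the VIP accepts (step 2).
check_client() {
  case "$(probe_tls "$1" "$2")" in
    *": accepted") echo "ok" ;;
    *": rejected") echo "mismatch" ;;
    *)             echo "inconclusive" ;;
  esac
}
```

A "rejected" result for TLS 1.0 or 1.1 can also come from the probing host's own TLS library refusing old versions, so confirm it against a packet capture before concluding that the client-ssl profile is the cause.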
View only response headers
curl -I only retrieves the header of the resource. The ‘I’ is case sensitive.
root@ubnsrv01:/etc/ssl/certs# curl -I https://site3.lab.com
HTTP/1.1 200 OK
Last-Modified: Thu, 17 Aug 2017 21:14:18 GMT
Date: Sat, 02 Sep 2017 22:58:54 GMT
View response headers and content
curl -i includes the HTTP header in the output along with the site content. Since this URL terminates on an F5, the HTTP header reports that a redirect is configured for this URL, but curl doesn’t follow it automatically. The ‘i’ is case sensitive.
A quick post on (CentOS) Linux commands for FireAMP Connector
FireAMP connector install
[root@localhost Downloads]# yum install fireamplinux_connector.rpm
FireAMP connector install location
[root@localhost bin]# pwd
Just came across this comic strip that was posted by Tufin’s Facebook page a few days back and I couldn’t agree more with it. :D
By the way, Tufin is a wonderful firewall management application that provides solutions for firewall policy change management, auditing, analysis and compliance.
Thank you Zain Alam (a.k.a. Casshern Zakikato) for the wonderful header image and your valuable suggestions on the layout of the blog.
If you’re looking for a highly skilled and talented Graphic Designer/ SFX Expert – he’s your man! ;-)