Failed SSL Negotiation log message
This article will discuss the significance of the "Failed SSL Negotiation" log message.
Application: Any web-based application
We have a group of five VIPs that show a red status after migrating over.
|Steps to Reproduce:|
The "Failed SSL Negotiation" log message occurs when the HTTPS Protocol Real Server Check Method is in use on the Virtual Service.
The log is generated when the SSL handshake portion of an HTTPS connection is attempted, but is unsuccessful.
A packet capture can be taken from the LoadMaster to determine where the failure is occurring using the below link.
When following this link, ensure that the real server in question is populated into the Address field and either the interface containing that network is selected or the global default gateway interface is selected in the event that the real server is non-local to the LoadMaster.
|Workaround:||The workaround for this is to drop the connection to TCP Connection Only. We strongly recommend against doing this, as the application will not be checked. When using TCP Connection Only, a TCP Connection will be established to the server using the port in the Checked Port field. If this is not populated, then the port of the real server will be used.|