Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

LoadMaster uses a different cipher suite than what it shows in WireShark





Customer wanted to know why the LoadMaster was using a different Cipher Suite than he was seeing in Wireshark since the cipher name did not match.


Product: LoadMaster

Version: Any.

Platform: Any. 

Application: Any.

Question/Problem Description:

The customer saw that the LoadMaster had ECDHE-RSA-AES256-SHA384 configured but instead he saw ECDHE-RSA-AES256-CBC-SHA384 being returned in a packet capture.

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: The LoadMaster uses a different name to identify Cipher Suites.
  • Explained the customer that both Ciphers are the exact same. ECDHE-RSA-AES256-SHA384 is [0xc028] and ECDHE-RSA-AES256-CBC-SHA384 is also [0xc028]. 
  • The difference is that the LoadMaster will use the OpenSSL name to identify the Ciphers whereas utilities such as WireShark will use the IANA name instead. 

The following link can help identify the actual ID for the Cipher Suites:

Was this article helpful?
0 out of 0 found this helpful