rev.dennis

Why am I getting Open SSL errors


I'm getting a bunch of the following errors

Quote

Sep  9 06:55:01 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:03 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:04 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:05 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:06 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:08 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:09 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:10 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:11 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure.
Sep  9 06:55:13 usmifnt02.thezah.com err bigd[7070]: 01060111:3: Open SSL error - error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure. 

How do I troubleshoot this?


F5 LTM can log failure messages for a specific pool member by setting the bigd process logging level to debug. When set to debug, the bigd process will log error messages for specific pool members to the /var/log/bigdlog file.

Steps are as follows from the CLI

Enable Debug

tmsh modify sys db bigd.debug { value enable }

Monitor the /var/log/bigdlog file

tail -f /var/log/bigdlog |grep 'return ssl false'

You are looking for the member in a message similar to this:

Quote

ID 40 :(_ssl_shutdown_service): shutting down, return ssl false [ addr=::ffff:10.12.23.27:80 srcaddr=::ffff:10.12.23.139%0:52845 mon=/Common/https fd=9 ]

Disable debug logging

tmsh modify sys db bigd.debug { value disable }

Verify that debug logging has been disabled by running

tmsh list sys db bigd.debug

Now you know the culprit, go get em.

Common reasons for failures include:

  • Pool Member doesn't support the same SSL/TLS properties as the HTTPS monitor. EXAMPLE: Pool Member doesn't support any version of TLS.
  • An HTTPS monitor is applied to a non-HTTPS pool member, in which case an HTTP monitor may mark the pool member status as available.

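An added example, not part of the original posts: a shell filter that turns the 'return ssl false' debug lines into a per-member failure count, so the noisiest pool member stands out. The function names are hypothetical, the line layout is assumed from the sample message quoted above, and the port-80 hint is only a heuristic for the second common cause listed.

```shell
#!/bin/sh
# Added example (not F5 code). Summarises bigd debug lines reporting an SSL
# monitor failure. Line layout assumed from the sample quoted in the answer.

# Constructed sample input: three failures for one member, one for another,
# and one unrelated (made-up) debug line that must be ignored.
sample_bigdlog() {
    cat <<'EOF'
ID 40 :(_ssl_shutdown_service): shutting down, return ssl false [ addr=::ffff:10.12.23.27:80 srcaddr=::ffff:10.12.23.139%0:52845 mon=/Common/https fd=9 ]
ID 41 :(constructed_noise): some other debug message [ addr=::ffff:10.12.23.40:443 mon=/Common/https fd=11 ]
ID 42 :(_ssl_shutdown_service): shutting down, return ssl false [ addr=::ffff:10.12.23.27:80 srcaddr=::ffff:10.12.23.139%0:52851 mon=/Common/https fd=9 ]
ID 43 :(_ssl_shutdown_service): shutting down, return ssl false [ addr=::ffff:10.12.23.31:443 srcaddr=::ffff:10.12.23.139%0:52853 mon=/Common/https fd=10 ]
ID 44 :(_ssl_shutdown_service): shutting down, return ssl false [ addr=::ffff:10.12.23.27:80 srcaddr=::ffff:10.12.23.139%0:52860 mon=/Common/https fd=9 ]
EOF
}

# Reads bigdlog text on stdin.
# Prints "<count> <member> <monitor> hint=<guess>", most failures first.
summarize_ssl_failures() {
    awk '
    /return ssl false/ {
        addr = ""; mon = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^addr=/) addr = substr($i, 6)   # pool member (not srcaddr)
            if ($i ~ /^mon=/)  mon  = substr($i, 5)   # monitor name
        }
        if (addr == "") next
        sub(/^::ffff:/, "", addr)                     # drop IPv4-mapped prefix
        count[addr " " mon]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            n = split(f[1], p, ":"); port = p[n]      # port is the last ":" field
            # Heuristic only: an HTTPS monitor against port 80 suggests a
            # plain-HTTP member; otherwise suspect a TLS property mismatch.
            hint = (port == "80") ? "plain-http-port?" : "tls-mismatch?"
            print count[k], f[1], f[2], "hint=" hint
        }
    }' | sort -rn
}

# Demo on the constructed sample; on a BIG-IP with bigd.debug enabled, feed
# the real file instead: summarize_ssl_failures < /var/log/bigdlog
sample_bigdlog | summarize_ssl_failures
```

Remember to disable bigd.debug again once the summary has been captured, as in the steps above.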