Forum Discussion
Lucas_Thompson_
Historic F5 Account
You'll need to either decrypt it, or just set it to communicate on port 80. Citrix servers generally allow the comms to be 443 or 80.
The SSLDUMP we use is generally the same as the normal ssldump, so the use (and how to decrypt it) is the same. Two rules:
- Make sure the SSL session cache is deleted so you get a new SSL session ID, otherwise the decryption can't work. In your case this would be for the serverssl profile, not the clientssl profile because you're trying to decrypt the serverside of the connection.
- As you've done, DH ciphers have to be disabled.
I see that you have a support case on this already. As soon as we can see the backend comms, we'll have a better idea about what's happening. I can't find any reference to this error in any other support case except one where somebody was trying to get VMWare Horizon View to function via APM. The symptoms for that one were nearly identical (including the 'TTP /1.1' part) but it doesn't look like there was any followup or resolution.
Jose_Nelson_206
Dec 18, 2015Nimbostratus
I was able to successfully decrypt the server side of the conversation. The error we were seeing in the apm.log file (err vdi[24769]: 01490000: {ca9.C} Error parsing version from response: 'TTP/1.1 ') can now be seen in the decrypted capture. We see our pool member (129.101.186.221) responding in connection 11 9 with a single "H" and in connection 11 10 is produces the rest of the response with begins with " TTP/1.1 302 Found." So we're seeing the "H" being omitted for some reason. After this response is when the conversation FIN's by the client, in this case the F5. Is this something that can be controlled via the http profile assigned to the VIP?
Here is the where we see the error. The snippet of the conversation below starts with the client performing a GET:
11 8 1450457257.3673 (0.0005) C>SV3.1(208) application_data
---------------------------------------------------------------
GET /Citrix/PNAgent/Config.xml HTTP/1.1
User-Agent: SelfService/4.3.100.10167 (Release)
Host: vlab-pprd.uidaho.edu
Connection: Keep-Alive
X-Forwarded-For: 129.101.169.48
---------------------------------------------------------------
11 9 1450457257.3697 (0.0024) S>CV3.1(32) application_data
---------------------------------------------------------------
H---------------------------------------------------------------
11 10 1450457257.3697 (0.0000) S>CV3.1(448) application_data
---------------------------------------------------------------
TTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: https://vlab-pprd.uidaho.edu/Citrix/VLabPPRD/PNAgent/config.xml
Server: Microsoft-IIS/8.5
Date: Fri, 18 Dec 2015 16:47:37 GMT
Content-Length: 180
Object moved
Object moved to here.
---------------------------------------------------------------
11 1450457257.3700 (0.0003) C>S TCP FIN
11 1450457257.3706 (0.0005) S>C TCP FIN