Forum Discussion

Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Apr 15, 2015

Issues with Proxy SSL

I have an Active Sync application where we are using the Proxy SSL on an ASM in order to pass client certificate authentication. We have started noticing that when sending messages with attachments bigger than roughly 2.5mb get an error that they are not sent. When tracing the connection and running it through ssldump I see the data packets start flowing from the client to the VIP on the ASM and then mid stream on the data connection I start seeing this in the SSLdump. Those messages go on for a few seconds until the server side closes the connection. There is no block in ASM and nothing in the LTM logs either. I check the ciphers and protocols supported on the server and they are all supported by the ASM. When I remove the ASM and let client talk directly to the server the issue clears up. Has anyone seen this before any thought would be helpful. I am running 11.4.1 HF7 in prod and I did try running it through a 11.5.2 HF1 build I have in my lab and the same issue occurs.

 

9 111 3.2153 (0.0009) C>SShort record Unknown SSL content type 1 9 112 3.2184 (0.0030) C>SShort record Unknown SSL content type 35 9 113 3.2202 (0.0018) C>SShort record Unknown SSL content type 241 9 114 3.2225 (0.0023) C>SShort record Unknown SSL content type 15 9 115 3.2243 (0.0018) C>SShort record Unknown SSL content type 242 9 116 3.2272 (0.0028) C>SShort record Unknown SSL content type 48 9 117 3.2290 (0.0017) C>SShort record Unknown SSL content type 0 9 118 3.2314 (0.0024) C>SShort record Unknown SSL content type 176 9 119 3.2338 (0.0023) C>SShort record Unknown SSL content type 197 9 120 3.2985 (0.0647) C>SShort record Unknown SSL content type 174 9 121 3.3009 (0.0023) C>SShort record Unknown SSL content type 230 9 122 3.3044 (0.0035) C>SShort record 9 123 3.4143 (0.1099) C>SV90.118(44194) bad MAC Unknown SSL content type 37

 

  • can you test :

     

    1) without asm profile on the VS

     

    2) without asm and without http profile on the vs