Proxy SSL unavailable suite (47) issue
Hi,
I'm trying to configure Proxy SSL for our company https website. I have imported required certificate and private key in Trrafic Certificate Management section, also created ssl client and server profiles, assign corresponding certificate and key that i have imported, and checked Proxy SSL on both of these profiles, but when i assign these profiles to VirtualServer, i get following error on my browser (firefox):
Secure Connection Failed
An error occurred during a connection to www.xyz.com. Cannot communicate securely with peer: no common encryption algorithm(s).
Error code: SSL_ERROR_NO_CYPHER_OVERLAP
also i get following messages in /var/log/ltm file
Aug 27 16:01:55 bigip1 err tmm2[15521]: 01260025:3: Cipher c014:3 negotiated is not supported by Proxy SSL configured in virtual server ...
Aug 27 16:01:55 bigip1 err tmm2[15521]: Connection error: ssl_hs_pxy_scan:14123: unavailable suite (47)
Aug 27 16:01:55 bigip1 warning tmm2[15521]: 01260013:4: SSL Handshake failed for TCP a.a.a.a:443 -> b.b.b.b:60013 (Server -> Self)
Aug 27 16:01:55 bigip1 warning tmm2[15521]: 01260013:4: SSL Handshake failed for TCP c.c.c.c:60013 -> d.d.d.d:443 (Client -> VIP)
This is the first time I want to do SSL Proxy and I think I misconfigured something in the settings.
Thanks
Cipher C014 corresponds to TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.
ProxySSL only works with non-PFS ciphers (ie. only ciphers with RSA handshakes). ProxySSL cannot be used with DH, DHE, ECC, or any TLS 1.3.
Can you elaborate on why you need to use ProxySSL?