f5-appsvcs-extension
f5-appsvcs-extension copied to clipboard
F5Networks
SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
Environment
- Application Services Version: v3.36.1
- BIG-IP Version: 16.1.3.1
Summary
I'm getting a SSL error when trying to deploy a waf policy using AS3 declaration and HTTPS. I have a valid Let's encrypt certificate and I have no problem fetching the json file from the CLI when using curl. I'm using Postman to send in the declaration. When using HTTP it works as expected. It also fails if I have HTTP on the waf policy but HTTPS when fetching the swagger-file.
Steps To Reproduce
Steps to reproduce the behavior:
- Submit the following declaration:
{
"class": "AS3",
"action": "deploy",
"persist": true,
"declaration": {
"class": "ADC",
"schemaVersion": "3.2.0",
"id": "Api",
"Api": {
"class": "Tenant",
"defaultRouteDomain": 0,
"qa": {
"class": "Application",
"template": "generic",
"waf-swagger-new": {
"class": "WAF_Policy",
"url": "https://mydomain/api/waf-api.json",
}
}
}
}
}
- Observe the following error response:
{
"code": "EPROTO",
"message": "declaration failed",
"response": "GET https://mydomain/api/waf-api.json get asm policy waf-swagger-new from url failed (write EPROTO 140158090884928:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:810:\n)",
"host": "localhost",
"tenant": "Api",
"runTime": 6503
}
Expected Behavior
I expect to get a 200 OK and that the policy is created with a swagger-file.
Actual Behavior
I'm getting GET_SERVER_HELLO handshake failure. get asm policy waf-swagger-new from url failed (write EPROTO 140158090884928:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:810:\n)"
Thank you @andreasforseth. I have added this issue to our internal product backlog as AUTOTOOL-3501. In order to prioritize and understand the issue better, please reach out to us at [email protected]
Hi @andreasforseth, reached out to you on email asking for more info.
What server are you using and can we get the WAF policy. This looks more like a server issue or could be a node version too.
We suspect it could be related to an old version of node js, please check this article: https://github.com/nodejs/help/issues/1730
Also, let us know if we could schedule a zoom meeting to discuss.
Hi,
Sure, we can have a zoom meeting. When is I good time for you?
In the customer environment we are running on IIS on a Windows server 2022. Here we have not verified that this is the error we got, I can’t see any errors in the logs because we have only tried to download the swagger with https. Now we are stuck in this project because of another BUG: https://cdn.f5.com/product/bugtracker/ID1064821.html https://cdn.f5.com/product/bugtracker/ID1064821.html
In my own test environment that I have at home I get this errors. I’m running a NGINX docker container on a Ubuntu server. I can go to the URL from the cli of the BIG-IP without certificate issues, but not when using the AS3 API.
Best Regards Andréas
Sent from my iPhone
On 1 Nov 2022, at 20:36, Suntiha Ronanki @.***> wrote:
Hi @andreasforseth https://github.com/andreasforseth, reached out to you on email asking for more info.
What server are you using and can we get the WAF policy. This looks more like a server issue or could be a node version too.
We suspect it could be related to an old version of node js, please check this article: nodejs/help#1730 https://github.com/nodejs/help/issues/1730 Also, let us know if we could schedule a zoom meeting to discuss.
— Reply to this email directly, view it on GitHub https://github.com/F5Networks/f5-appsvcs-extension/issues/657#issuecomment-1299016929, or unsubscribe https://github.com/notifications/unsubscribe-auth/AKGUXHQGSC6PT3NUYMEGRRDWGFWKTANCNFSM6AAAAAAQ5RKCOU. You are receiving this because you were mentioned.
Based on our internal tickets, it looks like conversation on this issue stopped. I am closing this issue for inactivity. Please create a new issue or reopen this one if you encounter this issue again.
