NSX Load Balancer communication may fail with some clients when using SSL offloading or bridging

Article ID: 395286


Products

VMware NSX

Issue/Introduction

  • Some clients may fail to connect to the NSX Load Balancer.
  • SSL offloading or bridging is enabled.
  • After setting the load balancer error log level to debug, you may see messages similar to the following in the NSX Edge log at /var/log/lb/<lb-uuid>/error.log:

SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:ssl3_get_client_hello:unknown protocol) while SSL handshaking

Environment

VMware NSX-T Data Center
VMware NSX

Cause

This issue can occur if the client uses a TLS version that the load balancer does not support. For example, the client uses only TLS v1.0 while the SSL profile configured in NSX for client SSL supports only TLS v1.2.

Resolution

VMware NSX 4.2 does not support TLS v1.0 or TLS v1.1. Clients must use TLS v1.2 to connect to a load balancer with SSL offloading or bridging.

Using the latest TLS versions is always recommended.
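
To find which clients still need to move to TLS v1.2, the debug error log can be summarized per client and per OpenSSL failure reason. The script below is an added example, not VMware code. It assumes each log entry ends with an nginx-style ", client: <ip>" field, which the article's sample line does not show, and all sample log lines and addresses in it are constructed.

```python
import re
from collections import Counter

# OpenSSL error text as it appears in the article's log line:
#   (SSL: error:<hex code>:<library>:<function>:<reason>)
SSL_ERR = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]{8}):"
    r"[^:]*:(?P<func>[^:]*):(?P<reason>[^)]*)\)"
)
# Assumption: nginx-style ", client: <ip>" suffix (not shown in the article).
CLIENT = re.compile(r"client: (?P<ip>[0-9A-Fa-f.:]+)")

_ERR = "SSL_do_handshake() failed (SSL: error:140760FC:SSL routines:" \
       "ssl3_get_client_hello:unknown protocol) while SSL handshaking"
# Constructed sample input; addresses are from the documentation range.
SAMPLE_LOG = [
    "2024/01/01 10:00:01 [info] 100#0: *1 " + _ERR + ", client: 192.0.2.10, server: 0.0.0.0:443",
    "2024/01/01 10:00:07 [info] 100#0: *2 " + _ERR + ", client: 192.0.2.10, server: 0.0.0.0:443",
    "2024/01/01 10:01:15 [info] 100#0: *3 " + _ERR + ", client: 192.0.2.22, server: 0.0.0.0:443",
    _ERR,  # the article's line as printed, with no client field
    "2024/01/01 10:02:00 [info] 100#0: *4 SSL_do_handshake() failed (SSL: "
    "error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) "
    "while SSL handshaking, client: 192.0.2.30, server: 0.0.0.0:443",
    "2024/01/01 10:03:00 [info] 100#0: *5 client closed connection, client: 192.0.2.40",
]

def summarize_handshake_failures(lines):
    """Count failed handshakes per (client, OpenSSL reason)."""
    counts = Counter()
    for line in lines:
        err = SSL_ERR.search(line)
        if not err:
            continue  # not a handshake failure
        client = CLIENT.search(line)
        ip = client.group("ip") if client else "unknown"
        counts[(ip, err.group("reason").strip())] += 1
    return counts

def protocol_mismatch_clients(lines):
    """Clients whose failures carry the article's 'unknown protocol' reason."""
    summary = summarize_handshake_failures(lines)
    return sorted({ip for (ip, reason) in summary if reason == "unknown protocol"})

if __name__ == "__main__":
    for (ip, reason), n in sorted(summarize_handshake_failures(SAMPLE_LOG).items()):
        print(f"{ip:15} {reason:20} {n}")
```

On an Edge node, pass the lines of /var/log/lb/<lb-uuid>/error.log instead of SAMPLE_LOG.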

Cryptographic Support
