SSL – F5, Apache and IIS – Error during SSL Handshake with remote server returned

Tags: apache-2.4, .net, openssl, ssl

Need to see if anyone can shed some light on an intermittent issue that I get within this setup.

First the setup is as follows:

End User -> VIP of F5 (no SSL, round robin) -> 2 pairs of Apache servers (SSL for virtual host) -> F5 (SSL, least connections) -> 4 IIS servers (SSL) -> App server.

IIS 7.5

· IIS idle time-out set to 0 (meaning it is disabled)
· Keep-alive: 2 mins

Apache 2.4 with OpenSSL 1.0

Timeout: 10 mins

SSLEngine On
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off

F5
F5 runs firmware 12.
Timeout is 5 minutes.

Application is .Net

Error

We have intermittent issues where the following show up in the proxy error logs. Clients complain from time to time. Wireshark was no use, as it is hard to find the exact time, and the amount of data makes it hard to capture for more than 30 minutes.

Note that Apache, F5 and IIS host many other sites, and those have no issues; only this one has it. Also, the same user IP can work but sometimes gets the error.

[error] [client xxxxxx] proxy: Error during SSL Handshake with remote server returned by /css/font-awesome.min.css

[error] proxy: pass request body failed to F5 backend VIP from end user ()

[error] (502)Unknown error: proxy: pass request body failed to F5 VIP

Possible cause:

I thought the issue was the extended master key for TLS 1.2, but it was not that. I have newer browsers coming in with no issue, but sometimes the same user can work fine and suddenly get this error, and afterwards they are OK again.

To add more to this, internal users who bypass the Apache servers can in fact use the site without issue.

What is strange is that the SSL handshake is having issues.

Between the proxy and the VIP of the backend F5, TLS 1.2 is used.

I have disabled old ciphers and SSLv2 and SSLv3 on the proxy as well.

SSL Labs shows site as A+.

Any suggestion is welcome.
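The poster could not catch the failure in Wireshark because the exact time was unknown. The script below is an added example, not code from the original post or from any of the products mentioned: a timestamped TLS handshake probe that can be pointed at the hop Apache talks to (the backend F5 VIP; the hostname `backend-vip.example` and port 443 are placeholders) and records, per attempt, whether the handshake succeeded, failed at the TLS layer, or failed at the TCP layer. That split matters here because Apache logs two different things: "Error during SSL Handshake" (TLS layer) and "pass request body failed" (transport layer). The `verify=False` default mirrors the posted `SSLProxyVerify none`, so, like Apache in this configuration, the probe does not authenticate the backend certificate; set `verify=True` to see whether verification itself is a factor. `scripted_handshake` and `SAMPLE_SCRIPT` are constructed test data so the classification logic runs offline.

```python
"""Added example: timestamped TLS handshake probe with TLS-vs-transport classification."""
import socket
import ssl
import time
from dataclasses import dataclass
from datetime import datetime, timezone
from functools import partial


@dataclass
class ProbeResult:
    when: str      # ISO-8601 UTC timestamp, to line up with Apache/F5 logs
    outcome: str   # "ok", "handshake" (TLS-level failure) or "transport" (TCP-level failure)
    detail: str    # negotiated version + cipher, or the error text


def tls_handshake(host, port, timeout=5.0, verify=False):
    """Open one TCP connection, complete one TLS handshake, return version and cipher."""
    ctx = ssl.create_default_context()
    if not verify:
        # Mirrors 'SSLProxyVerify none' / 'SSLProxyCheckPeerName off' from the posted
        # Apache config: the backend certificate is NOT authenticated.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return f"{tls.version()} {tls.cipher()[0]}"


def probe(handshake, attempts, interval=0.0):
    """Call handshake() repeatedly, classifying each outcome with a timestamp."""
    results = []
    for _ in range(attempts):
        stamp = datetime.now(timezone.utc).isoformat(timespec="seconds")
        try:
            results.append(ProbeResult(stamp, "ok", handshake()))
        except ssl.SSLError as exc:
            # SSLError is an OSError subclass, so it must be caught first.
            results.append(ProbeResult(stamp, "handshake", str(exc)))
        except OSError as exc:
            results.append(ProbeResult(stamp, "transport", str(exc)))
        if interval:
            time.sleep(interval)
    return results


def summarize(results):
    """Count outcomes so a long run can be eyeballed before the failure timestamps are pulled."""
    counts = {"ok": 0, "handshake": 0, "transport": 0}
    for r in results:
        counts[r.outcome] += 1
    return counts


def scripted_handshake(script):
    """Constructed stand-in for tls_handshake: yields each script entry in turn, raising exceptions."""
    steps = iter(script)

    def handshake():
        step = next(steps)
        if isinstance(step, BaseException):
            raise step
        return step
    return handshake


# Constructed sample run (not real captures): one TLS-level failure, one TCP-level failure.
SAMPLE_SCRIPT = [
    "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256",
    ssl.SSLError(1, "[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] handshake failure"),
    "TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256",
    ConnectionResetError(104, "Connection reset by peer"),
]


if __name__ == "__main__":
    # Offline demonstration on the constructed script.
    for r in probe(scripted_handshake(SAMPLE_SCRIPT), attempts=len(SAMPLE_SCRIPT)):
        print(r.when, r.outcome, r.detail)
    # Real use (placeholder host/port): probe every 10 s for an hour and print failures only.
    # live = probe(partial(tls_handshake, "backend-vip.example", 443), attempts=360, interval=10)
    # for r in live:
    #     if r.outcome != "ok":
    #         print(r.when, r.outcome, r.detail)
```

Run it from one of the Apache hosts so the probe shares the proxy's network path; a cluster of "transport" results landing just past a 2 or 5 minute mark points at an idle timeout on a hop, whereas "handshake" results are worth matching against the Apache error log timestamps before a shorter, targeted capture is taken.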

Best Answer

Configure OneConnect. Doing this will keep connections open and eliminate a lot of SSL negotiation.