Forum Discussion

Cirrostratus

May 08, 2025

About Cipher Suites

Hello experts, We've been doing SSL LAB scans lately. We found that with the same certificate and the same client ssl profile settings, the scanning results are not the same. The strange th...

application delivery

Tofunmi

MVP

May 12, 2025

Are you doing SSL offloading on that VIP? If your VIP is not doing full SSL offload (e.g., SSL Passthrough or using a transparent profile), the curve seen could be coming from the backend server, not F5.

openssl s_client -connect <IP>:443 -curves secp521r1

If the VIP is truly terminating SSL and does not support secp521r1, the handshake should fail. If the backend server supports it, the same test against it directly will succeed. This should help isolate whether the F5 or the backend is advertising support for that curve.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

About Cipher Suites

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Checking for X-Forwarded-For against an Address Data-Group

SSL Bridging and FQDN rewrite Policy

Cisco TACACS+ Config on ISE LTM Pair

iRule causing requests to be duplicated (sometimes)

How can I get started with iCall

Related Content

Cipher Suite Practices and Pitfalls

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

Disabling Specific Weak Cipher Suites

Cipher Suites Supported (12.1.5.3)

SSL Profiles Part 4: Cipher Suites

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS