Forum Discussion

Cirrostratus

May 07, 2025

About Cipher Suites

Hello experts, We've been doing SSL LAB scans lately. We found that with the same certificate and the same client ssl profile settings, the scanning results are not the same. The strange th...

application delivery

Tofunmi

MVP

May 12, 2025

Are you doing SSL offloading on that VIP? If your VIP is not doing full SSL offload (e.g., SSL Passthrough or using a transparent profile), the curve seen could be coming from the backend server, not F5.

openssl s_client -connect <IP>:443 -curves secp521r1

If the VIP is truly terminating SSL and does not support secp521r1, the handshake should fail. If the backend server supports it, the same test against it directly will succeed. This should help isolate whether the F5 or the backend is advertising support for that curve.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)