Forum Discussion
Benjamin_8557
May 11, 2016Altostratus
[Certificate Client Authentication] ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Hi,
I use client certificate to authenticate access to a web service.
The client certificate is self-signed and I check it with the default BigIP CA.
But, when I request the web service w...
Yann_Desmarest
Cirrus
Hello,
This message indicates that the SSL version or the Cipher list supported by the F5 and its peer (the client) doesn't match.
You should do a tcpdump on the client or on the F5 system to check the ssl handshake. You may see that there is no matching ciphers between the browser and the VS.
You can also setup the debug level for SSL on System >> Logs >> Options
Benjamin_8557
May 11, 2016Altostratus
thank you for these advices.
By default, the SSL handshake is done in TLSv1.2.
What I see in my ltm log:
Connection error: ssl_select_suite:4136: TLS_FALLBACK_SCSV with a lower protocol (86)
I disabled the TLSv1.2 on my SSL profile.
Now it works in TLSv1.1 but I still don't understand why the SSL handshake fails with TLSv1.2 .
thank you;
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects