Forum Discussion

Altostratus

May 11, 2016

[Certificate Client Authentication] ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Hi, I use client certificate to authenticate access to a web service. The client certificate is self-signed and I check it with the default BigIP CA. But, when I request the web service w...

Cirrus

Hello,

This message indicates that the SSL version or the Cipher list supported by the F5 and its peer (the client) doesn't match.

You should do a tcpdump on the client or on the F5 system to check the ssl handshake. You may see that there is no matching ciphers between the browser and the VS.

You can also setup the debug level for SSL on System >> Logs >> Options

Yann_Desmarest

Cirrus

May 11, 2016

When you trace the ssl connection, what are the cipher list advised by each peer and which ssl version is used ? I already seen changes between ssl version and ciphers advised when using or not using Client Authentication

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

[Certificate Client Authentication] ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

APM Clientless certificate authentication

BIG-IQ Client Certificate (PKI) Authentication

Automating ACMEv2 Certificate Management on BIG-IP

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator

Doing mTLS Authentication per URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS