Connection error: ssl_select_suite:5745: TLS_FALLBACK_SCSV with a lower protocol (86)

Question

I cant understand how do I get rid of this message. This error causes https webpage errors. Not all the time but about 30% of all connections.&nbsp;
After upgrading SSL cert to ECC cert and ECDSA key, then problems begun.&nbsp;
F5 debug log:&nbsp;
Connection error: ssl_select_suite:5745: TLS_FALLBACK_SCSV with a lower protocol (86)&nbsp;
Browser error ( latest Chrome and Opera ):&nbsp;
A secure connection cannot be established because this site uses an unsupported protocol.&nbsp;
ssl options&nbsp;
No SSLv2
No SSLv3&nbsp;
Ciphers are ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-CBC-SHA:ECDHE-RSA-AES256-CBC-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!RC4&nbsp;
ECC cert and ecdsa key are described in ssl-client, also RSA key and cert &nbsp;

synack_128568 · Answer

Hi Mihkel ,&nbsp;
Can you please see which cipher suites are sent by client to the F5 when the issue happens and check in wireshark . above ciphers are of F5 client ssl or client ?&nbsp;
Thanks &nbsp;

mihkel_roots_15 · Answer

Hi,&nbsp;
Client sends
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)&nbsp;
Ciphers above are F5 client ssl ciphers.&nbsp;
Thanks for your time :)&nbsp;

mihkel_roots_15 · Answer

Hi,

Client sends Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

Ciphers above are F5 client ssl ciphers.

Thanks for your time :)

synack_128568 · Answer

is the client also sending tls fallback cipher ? Which ssl version are enabled on client and servre ?&nbsp;

mihkel_roots_15 · Answer

no its not sending fallback cipher.&nbsp;
Server enabled: TLSv1, TLSv1.1, TLSv1.2
Client: Same as server&nbsp;

Forum Discussion

Connection error: ssl_select_suite:5745: TLS_FALLBACK_SCSV with a lower protocol (86)

8 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

ASM bd daemon crash while processing request body (SIGSEGV) – anyone seen similar behavior?

F5 BIGIP & XC certbot plugin

Questions on R-Series 5800s

GRE Tunnel Issue

GIS app loading very slow through F5 LTM

Related Content

POODLE and TLS_FALLBACK_SCSV deep dive

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

TLS_FALLBACK_SCSV and tmsh syntax for disabling SSLv3

F5 Distributed Cloud Kubernetes Integration: Securing Services with Direct Pod Connectivity

AWS Transit Gateway Connect: GRE + BGP = ?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS