Forum Discussion

JAIME_QUIROGA_1

Icon for Nimbostratus rank

Nimbostratus

Oct 20, 2014

Solved

How do you select right chiper?

Hi I need you to help me, I have a problem with a virtual Server that uses SSL, I have captured traffic and I see that the client gives a fatal error, I think that the root cause of the error is...

application delivery

John_Heyer_1508
Dec 09, 2014
Cipher's aren't the problem - the capture shows you're negotiating the "DES-CBC3-SHA" cipher, which is the F5's default for SSLv3 clients. RC4-SHA and RC4-MD5 are also options for SSLv3 if the client doesn't support 3DES.

Instead, the issue here is actually with your certificate. It's SHA-2 signed, and SSLv3 only knows about SHA-1 and MD5. You'll need to have the CA re-issue the certificate in SHA-1 format. Note that it won't be possible to get SHA-1 certificates starting in about 2016, so you'll need to upgrade your application to support TLS before then.

JAIME_QUIROGA_1

Icon for Nimbostratus rank

Nimbostratus

Oct 20, 2014

Hi

Thkns for your answer, The LTM's version 11.5.1 with hootfix 4.

Not it's possible, The client uses the SSLv3.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Bram - January 2026 Featured Member

DevCentral News

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

Community Articles

application delivery

container ingress services

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5