Forum Discussion
LTM error message
Hi Team,
I receive below messages in /var/log/ltm. Any suggestions ?
warning tmm[9502]: 01260009:4: Connection error: ssl_hs_rxhello:7110: unsupported version (40) warning tmm[9502]: 01260009:4: Connection error: ssl_select_suite:6578: TLS_FALLBACK_SCSV with a lower protocol (86) warning tmm1[9502]: 01260009:4: Connection error: ssl_select_suite:6578: TLS_FALLBACK_SCSV with a lower protocol (86) warning tmm[9502]: 01260009:4: Connection error: ssl_hs_rxhello:7110: unsupported version (40)
Version : 12.0.0 HF2
- Samir_Jha_52506Noctilucent
A secure connection cannot be established because unsupported protocol. Enable SSL debug n see which vip doesn't support SSL/TLS protocol.
- AnoopNimbostratus
As per https://support.f5.com/csp/article/K15292 beginning in 12.0.0, the BIG-IP system automatically logs SSL handshake failure information through standard logging; the use of debug logging for SSL handshake failures is not required.
Should I still enable SSL debug ?
- AnoopNimbostratus
DB says ssl log level is warning. I will enable debug and see whats going on. Thanks
sys db log.ssl.level { default-value "Warning" scf-config "false" value "Warning" value-range "Alert Critical Debug Emergency Error Informational Notice Warning" }
- SurgeonRet. Employee
There is SSL version mismatch. Client side uses low version which can not be used by big-ip. big-ip can not lower it's ssl version.
The best way would be to do a packet capture and confirm that.
12.0.0 does not accept SSLv3 by default.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com