SSL Cipher error in ltm logfile "Cipher XX:Y negotiated is not configured in profile <sslprofilename>"

Thanks for your reply, and that link to the KB article.

I do have "Proxy SSL" enabled on both SSL profiles - this is kind of new to me, though- on the 9.3.1 platform, this didn't exist, but it seems like the only way I could get the same functionality on 11.4.1. Frankly, this is a simple setup:

2 backend Web servers A and B. There's a single virtual server for port 80 requests and a single virtual server for port 443 requests. There's an iRule in place on the port 80 VS which simply does "when http request, if URI = (a number ofthings) send it to node A, otherwise send it to B". The port 443 VS has a pool associated with it which only includes Server B - all SSL traffic is sent to Server B.

While I have things set up to do x-forwarded-for on the SSL Virtual Server I don't even know that I care to have that functionality - which raises the question of why I'm doing Proxy SSL at all. The "Server B" webserver has the SSL certificate, key, root CA, intermediate certificates just as the F5 does; maybe I'm making this more complicated, and should configure the SSL Virtual server to simply connect the client directly to Server B for all SSL traffic. I'm just not sure I know how to do that - seems like Proxy SSL is the only way I could get it to work...