Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
2 months ago

SSL cipher

Hi guys    TLS is weird. Why is this behavior happening?   The server that receives the client hello sends an alert. Transport Layer Security     TLSv1.2 Record Layer: Handshake Protocol...
application delivery
security
neeeewbie's avatar
neeeewbie
Icon for MVP rankMVP
2 months ago

It's as follows:

ltm profile server-ssl /Common/aaa_SSL_Server_Profile {
    app-service none
    defaults-from /Common/serverssl
    options { dont-insert-empty-fragments no-tlsv1.1 no-tlsv1.2 no-sslv3 }
}

 

I don't know anything about the server-side configuration other than that it only supports TLS 1.0.

The above is a TCP packet dump. Do you know what causes these packets to appear?

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
2 months ago

btw. this snippet won't load

root@(awaf)(cfg-sync Standalone)(Active)(/Common)(tmos)# load sys config from-terminal merge verify 
Enter configuration. Press CTRL-D to submit or CTRL-C to cancel.
ltm profile server-ssl /Common/aaa_SSL_Server_Profile {
    app-service none
    defaults-from /Common/serverssl
    options { dont-insert-empty-fragments no-tlsv1.1 no-tlsv1.2 no-sslv3 }
}
Validating configuration...
01b40001:3: A cipher group must be configured when TLS 1.3 is enabled (validation failed for profile /Common/aaa_SSL_Server_Profile).
Unexpected Error: Validating configuration process failed.