Forum Discussion
Merry95_171142
Nimbostratus
Feb 18, 2015
SSL Error when requests come from proxy
Hello,
I have a problem with some Virtual Servers on LTM.
I use SSLClient Profiles so the dialog between F5 and server is unencrypted. All the parameters are the default ones.
This configura...
Brad_Parker
Cirrus
Feb 19, 2015
Your client is most likely sending an SSLv2 compatible hello that also states that he can talk TLS as well. The proxy is sending SSLv3 hello, which means it can only negotiate up to SSLv3. The default cipher list in 11.5+ disables SSLv3, which is why your proxy is failing to complete the SSL handshake. You will either need to configure the proxy to use TLS or change your cipher list to include SSLv3 like this:
!LOW:!MD5:!RC4-SHA:!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:AES-GCM+RSA:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE-RSA-DES-CBC3-SHA
That would be the same as DEFAULT in 11.6 with the addition of SSLv3. I would suggest changing the proxy as SSLv3 is very vulnerable and no longer considered to be secure. PCI-DSS has also now officially stated it is not compliant to use SSLv3 at all.
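The two kinds of hello described in the answer above can be told apart from the first bytes of a packet capture. The following Python sketch is an added example, not part of the original thread and not F5 code; the sample bytes are constructed, and the TLS 1.0 minimum is an assumption that models a profile with SSLv3 disabled.

```python
# Added example: classify the leading bytes of a captured ClientHello and
# check the highest version it offers against a server-side minimum.

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def parse_client_hello(data: bytes):
    """Return (framing, (major, minor)) for the highest version offered."""
    # SSLv2-compatible framing: 2-byte length with the high bit set,
    # message type 1 (CLIENT-HELLO), then the highest version supported.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-compatible", (data[3], data[4])
    # SSLv3/TLS record framing: content type 22 (handshake), record version,
    # 2-byte length, handshake type 1, 3-byte length, then client_version.
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        return "record", (data[9], data[10])
    raise ValueError("leading bytes are not a ClientHello")


def diagnose(data: bytes, min_version=(3, 1)):
    """Return (framing, version name, acceptable) for a captured hello.

    min_version=(3, 1) is an assumption: a server that refuses SSLv3
    and accepts TLS 1.0 and later.
    """
    framing, version = parse_client_hello(data)
    name = VERSIONS.get(version, "unknown %d.%d" % version)
    return framing, name, version >= min_version


# Constructed samples (leading bytes only, not taken from the thread).
# A client using the SSLv2-compatible hello while offering TLS 1.0:
DIRECT_CLIENT_HELLO = bytes.fromhex("802e010301")
# A proxy sending an SSLv3 record whose client_version is also SSLv3:
PROXY_HELLO = bytes.fromhex("160300002d010000290300")

if __name__ == "__main__":
    for label, sample in (("direct client", DIRECT_CLIENT_HELLO),
                          ("proxy", PROXY_HELLO)):
        framing, name, ok = diagnose(sample)
        verdict = "handshake can proceed" if ok else "no common version"
        print(f"{label}: framing={framing}, offers up to {name}: {verdict}")
```
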