For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bubbagump_12531's avatar
Bubbagump_12531
Icon for Nimbostratus rankNimbostratus
Sep 21, 2015

SSL Handshake failed

We noticed that we have a lot more SSLv3 traffic than we would expect. We want to phase out SSLv3 and we're looking at the SSLClient profile metrics and found ~12% of our users are on SSLv3 which is ...
application delivery
LTM
Patrik_Jonsson's avatar
Patrik_Jonsson
Icon for MVP rankMVP
Sep 22, 2015

What's your cipher string?

 

The client suggests the cipher list, but the server chooses (according to the order of your cipher string).

 

This page has great information about the cipher strings:

 

https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

 

User agent could possibly be taken with a grain of salt too as it could be easily faked. Have you checked if a majority of the clients comes from the same IP? Could be a scraper posing as FF.

 

Best way to really check it out could be to install the same version of FF yourself and check out the cipher negotiation. :)

 

/Patrik