ssl handshake issue

Question

Hi, All:&nbsp;
When I debug ssl issue, I saw following errors, I saw f5 has a doc. for the error code, but I could not find it.. &nbsp;
What cause "unsupported version (40)", and what cause SSL handshake failed..&nbsp;
ltm code is 11.5.1 HF4&nbsp;
Thanks&nbsp;
Nov 19 19:30:39 slot1/lb-1 info tmm2[14084]: 01260013:6: SSL Handshake failed for TCP x.x.x.x:39113 -&gt; 10.0.215.76:443
Nov 19 19:30:39 slot1/lb1 debug tmm3[14084]: 01260009:7: Connection error: ssl_hs_rxhello:5771: unsupported version (40)
Nov 19 19:30:39 slot1/lb-1 info tmm3[14084]: 01260013:6: SSL Handshake failed for TCP x.x.x.x:51044 -&gt; 10.0.215.76:443
Nov 19 19:30:39 slot1/lb-1 debug tmm2[14084]: 01260009:7: Connection error: ssl_hs_rxhello:5771: unsupported version (40)&nbsp;

muhammad_irfan1 · Answer

Are we talking about client side or server side?
Are you authenticating client?

james_lee_31100 · Answer

client side, nothing for client authentication..&nbsp;
thx&nbsp;

what_lies_bene1 · Answer

Take a look here, this specific error is mentioned and it gives you advice on how to troubleshoot further:&nbsp;
"&gt;https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html" target="_blank"&gt;"&gt;https://support.f5.com/kb/en-us/solutions/public/15000/200/sol15292.html&nbsp;

skye_85590 · Answer

You probably did something like disabling SSLv3 then a client tried to do an ssl3 handshake:&nbsp;
This is actually the default behavior for the default ('DEFAULT') cipher ordering under 11.6.0 HF1 where I tested.  I was using this command against a virtual server from the standby unit, forcing ssl3:   openssl s_client -connect 172.24.76.79:443 -ssl3&nbsp;
SSL in debug does not give much detail but it is evident in captures:&nbsp;
Nov 24 19:50:19 drkraken debug tmm1[11366]: 01260009:7: Connection error: ssl_hs_rxhello:6147: unsupported version (40)
Nov 24 19:50:19 drkraken info tmm1[11366]: 01260013:6: SSL Handshake failed for TCP 172.24.76.70:44545 -&gt; 172.24.76.79:443&nbsp;
Capture shows the sslv3 handshake attempt and subsequent (error 40).&nbsp;
52014-11-24 19:53:36.519200172.24.76.7044195172.24.76.79443SSLv3304IN  s1/tmm3 : Client Hello&nbsp;
62014-11-24 19:53:36.519233172.24.76.79443172.24.76.7044195SSLv3173OUT s1/tmm3 :  Level: Fatal, Description: Handshake Failure)&nbsp;
Logically, I was able to get a successful handshake by enabling ssl3 explicitly on the client-ssl profile in use.&nbsp;
Cheers!&nbsp;

Forum Discussion

ssl handshake issue

4 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5OS VLAN naming length restrictions

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Maintenance page / local website that includes subfolders

VIPRION B2250 to VELOS CX410 and BIG-IPr10900 migration

Raise your hand if you'll be at AppWorld 2026

Related Content

SSL Profiles Part 1: Handshakes

HTTPS - Monitor SSL Handshake

Knowledge sharing: Troubleshooting/investigating SSL and HTTP issues

TCP Internals: 3-way Handshake and Sequence Numbers Explained

Avoid SSL Handshake When Pool is Unavailable

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS