F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Huw_37537's avatar
Huw_37537
Icon for Nimbostratus rankNimbostratus
Nov 28, 2017

SSLv3, TLS1.0 and cipherstrings...

Running v11.6.1. I've tried searching for an answer to this question, which surely must have been asked before, but too many different topics use the same search criteria and I find myself getting in...
LTM
security
sslv3
ltwagnon's avatar
ltwagnon
Ret. Employee
Nov 28, 2017

Without seeing the Wireshark capture, it's hard to say exactly what's going on, but it could be something like this:

http-8443-14, READ: SSLv3 Handshake, length = 87 *** ClientHello, TLSv1

In this case, there is a record of type "Handshake Message" version SSLv3 and length 87 bytes (a typical record size). The contents of the Handshake Message show that this is a "Client Hello" and the client supports up to TLSv1.0.

It's possible that the BIG-IP sees the initial "SSLv3" part of the Handshake Message and rejects it based on the configuration of the SSL profile.

Here's some more info that might help: https://support.f5.com/csp/article/K15292

Also, for troubleshooting purposes, it might help to change the SSL logging level to "debug" so you can see exactly why the BIG-IP sent the handshake failure alert.