For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

awu_7490's avatar
awu_7490
Icon for Nimbostratus rankNimbostratus
Oct 12, 2017

We ran into the same error this morning but for a different reason. The virtual server in question also have multiple SSL client profiles attached, one is for a wildcard cert and the other two are not. We were replacing the non-wildcard certs, and at the same time created new SSL client profiles. During this step, in the new SSL client profile, I changed the Cipher setting to exclude certain cipher suites to be used, but I didn't make the same change for the profile for the wildcard cert, as there is no cert change there. BIG-IP wouldn't accept the new client profiles until all three client profiles to attach to this VS has the same cipher string setting.

 

  • san2hosh_306591's avatar
    san2hosh_306591
    Icon for Nimbostratus rankNimbostratus
    Mar 16, 2018

    Facing the same issue. Is their any other way to resolve this issue.

     

  • awu_7490's avatar
    awu_7490
    Icon for Nimbostratus rankNimbostratus
    Mar 17, 2018

    Check article K13452. According to that article, if multiple SSL client profiles are attached to the same virtual server, the cipher setting and multiple client authentication settings must match across those ssl client profiles. In our case only cipher setting matters, so fixing that part corrected the problem for us.

     

  • san2hosh_306591's avatar
    san2hosh_306591
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2018

    But Only one client requested to disable a cipher. So finally I disabled that in all profiles which is worked.