Are you testing on a physical unit or a VM? In a quick test on v10.2.1 VE, I see the same issue:
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: Connected"
}
when CLIENTSSL_HANDSHAKE {
log local0. "[IP::client_addr]:[TCP::client_port]: \[SSL::cipher version\]: [SSL::cipher version], \[SSL::sessionid\]: [SSL::sessionid]"
}
when HTTP_REQUEST {
log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::request]"
HTTP::respond 200 content "hi"
}
And the log output:
: 10.1.0.1:58485: Connected
: 10.1.0.1:58485: [SSL::cipher version]: SSLv2, [SSL::sessionid]:
: 10.1.0.1:58485: GET /
: 10.1.0.1:58493: Connected
: 10.1.0.1:58493: [SSL::cipher version]: SSLv3, [SSL::sessionid]: 0abe7fe49350fc49cbfd6456a4632d083740b9e8d2d7914c8db4cf87c7350c3c
: 10.1.0.1:58493: GET /
: 10.1.0.1:58510: Connected
: 10.1.0.1:58510: [SSL::cipher version]: TLSv1, [SSL::sessionid]: 0abe7fe49350fc4acbfd6456a4632d083740b9e8d2d7914d8db4cf87c7350c0f
: 10.1.0.1:58510: GET /
There was an old (9.1.x) bug (BZ 244363) with SSLv2 and some SSL:: iRule commands but that should have been fixed a long time ago. I suggest opening a case with F5 Support to have them investigate this.
Aaron