Unfortunately, something is poorly documented. There is nothing to find about TLS_FALLBACK_SCSV in AskF5, except in the v11.5.1 HF6 RN: 485188 When the SSL ClientHello contains the SCSV marker, if the client protocol offered is not the latest that the virtual server supports, a fatal alert will be sent.