Forum Discussion

Nimbostratus

Nov 07, 2013

Solved

SSL Cipher error in ltm logfile "Cipher XX:Y negotiated is not configured in profile <sslprofilename>"

I recently moved an HTTPS Virtual Server from an old LTM (running 9.3.1) to a new pair of load balancers running 11.4.1. This particular Virtual Server is using both a client SSL profile and a serve...

Kevin_K_51432
Nov 07, 2013
I don't believe that cipher message is going to map to a specific cipher and I've only ever seen it when the Proxy SSL is configured. Is that a feature you've enabled?

Enabling debug logging for SSL might help, just remember to set it back when done.

tmsh modify sys db log.ssl.level value debug

tmsh modify sys db log.ssl.level value warning

Just a guess; Proxy SSL is enabled and the backend server is using a cipher which isn't in BIG-IP's DEFAULT cipher list. Just some additional background:

http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13389.html

Joe_Volesky_969

Nimbostratus

Nov 07, 2013

Yeah, I want to pass the traffic straight through (for what are likely dumb reasons, I can't terminate SSL on the BIG-IP due to the way Apache is configured on Server B - it's a server I don't run, is old, and needs to do its own SSL stuff, apparently). I guess I'll play with other configurations that don't use the Proxy SSL feature and see where I end up. Thanks again. - Joe

Forum Discussion

SSL Cipher error in ltm logfile "Cipher XX:Y negotiated is not configured in profile <sslprofilename>"

Recent Discussions

ASM cookie, modifying "domain" field

URL

service profile HTTP in LTM v16.1?

iRule resulting in too many redirects

Azure SAML - F5 APM

Related Content

Understanding IPSec IKEv2 negotiation on Wireshark

Understanding IPSec IKEv1 negotiation on Wireshark

iRule to decode WebSocket negotiation and frames

Cipher negotiated between F5 and Node

Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"