Your virtual is passing SSL traffic without decrypting it (no client or server ssl profile). So the data passing through the virtual is just raw tcp containing SSL headers and encrypted HTTP.
The HTTP profile is looking for text HTTP (i.e decrypted data), and will fail on the raw SSL data.
When it fails, it resets the connection.
If you wish to use an HTTP profile on the virtual, you need to add a client-side SSL profile (with the existing self-signed certificate and key, or an externally signed certificate/key/chain), and a server-side SSL profile (the default serverssl certificate should work). This will establish a client side connection that is encrypted using the F5 client-side ssl settings, and a server-side connection that is encrypted based on the application server settings, and in the LTM (where the HTTP profile sees the traffic) the traffic is decrypted plain-text.
This way, you can specify strong and secure client-side SSL options and not be restricted to whatever the SSL options the application server supports (which could be weak SSL).
One caveat: this will not work if the application server requires the client to present a certificate to the application server - there is a specific Proxy SSL option that can be used to enable this, but has very specific cipher requirements to allow observation/modification of the HTTP requests/responses, and the same certificate/key pair must be used on the LTM client-SSL profile as on the application server.