Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Selected client SSL does not match security policies for VS after cipher update

Hi,

I'm trying to update ciphers on one of my profiles. The one I want to use is: !LOW:!SSLv2:!SSLv3:!MD5:!RC4+SHA:!EXPORT:!DHE:ECDHE+AES-GCM:ECDHE+AES:AES+SHA+RSA:@STRENGTH This works fine on another VS, but an attemtp of installing it on this one results in this error:

0107157c:3: Selected client SSL profiles do not match security policies for Virtual Server /EXTERNAL/vs_server_443.

Now the OK and NOK vs are a bit different, but I can't figure out which portion of the config can be responsible for this error. Let me summarize the differences:

vs_NOK_443
Protocol Profile (Client):  prot_tcp_client_name_WAN (based on tcp_wan_optimized) 
Protocol Profile (Server):  prot_tcp_client_name_LAN (based on tcp-lan-optimized)
HTTP Profile:               http_xff        

vs_OK_https 
Protocol Profile (Client):  tcp
Protocol Profile (Server):  (use Client Profile)
HTTP Profile:               http_xff_redir-rewrite

Now i do not see any difference between http-xff and http-xff_redir_rewrite is that the latter uses a Server Agent Name

Both server have two client ssl profiles and the profile in question is marked as the default profile for SNI.

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Is there multiple clientSSL profile assigned to vs_server_443?

If there are multiple clientSSL profiles on the same VS, all profiles must be changed simultaneously.

0
Comments on this Answer
Comment made 24-Aug-2018 by Bciesz 146

Lovely :) Thank you

0