Forum Discussion
Yann_Desmarest_
Nacreous
Hello,
This message indicates that the SSL version or the Cipher list supported by the F5 and its peer (the client) doesn't match.
You should do a tcpdump on the client or on the F5 system to check the ssl handshake. You may see that there is no matching ciphers between the browser and the VS.
You can also setup the debug level for SSL on System >> Logs >> Options
Yann_Desmarest_
May 11, 2016Nacreous
How did you configured the Client certificate option : Require, Request or Ignore ?
If set in Require, try setting Request and TLS1.2 enabled
Moreover, the TLS_FALLBACK_SCSV option allow the server (bigip) to reject a connection if the client use TLS1.1 and the TLS_FALLBACK_SCSV field but the server support at best TLS1.2.
When Client Certificate is enabled, the client may try to establish a session using TLS1.1. And without client cert, the client may use TLS1.2.