Forum Discussion

Joe_Volesky_969's avatar
Joe_Volesky_969
Icon for Nimbostratus rankNimbostratus
Nov 07, 2013

SSL Cipher error in ltm logfile "Cipher XX:Y negotiated is not configured in profile <sslprofilename>"

I recently moved an HTTPS Virtual Server from an old LTM (running 9.3.1) to a new pair of load balancers running 11.4.1. This particular Virtual Server is using both a client SSL profile and a serve...
  • Kevin_K_51432's avatar
    Nov 07, 2013

    I don't believe that cipher message is going to map to a specific cipher and I've only ever seen it when the Proxy SSL is configured. Is that a feature you've enabled?

     

    Enabling debug logging for SSL might help, just remember to set it back when done.

     

    tmsh modify sys db log.ssl.level value debug

     

    tmsh modify sys db log.ssl.level value warning

     

    Just a guess; Proxy SSL is enabled and the backend server is using a cipher which isn't in BIG-IP's DEFAULT cipher list. Just some additional background:

     

    http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13389.html