Last Modified: Nov 22, 2021
Opened: Sep 18, 2014
When configuring COMPAT ciphers in ServerSSL profile and using Camellia ciphers to perform SSL connection with the backend server, bigip will initiate the client-hello with SSLv2 to the server, which is not supported by Camellia ciphers. If the server side is unable to handle it and ask for the right SSL version, it will stop the SSL handshake process.
Can't start the SSL connection.
1. When configuring COMPAT mode and using Camellia ciphers to connect with the backend server; and 2. When the backend server is performed by openssl and has protocol name specified, or other servers that can't handle sslv2 client-hello.
When using Camellia ciphers in COMPAT mode, please configure "No SSLv2" in the serverSSL profile options List.