Bug ID 480039: Need to configure "No SSLv2" in ServerSSL profile when using Camellia ciphers

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.2, 12.1.1, 12.1.0, 12.0.0

Opened: Sep 18, 2014

Severity: 3-Major


When COMPAT ciphers are configured in a ServerSSL profile and Camellia ciphers are used for the SSL connection to the backend server, BIG-IP initiates the client-hello with SSLv2, which Camellia ciphers do not support. If the server side is unable to handle this and ask for the right SSL version, it stops the SSL handshake process.


Can't start the SSL connection.


1. COMPAT mode is configured and Camellia ciphers are used to connect to the backend server; and
2. The backend server is served by OpenSSL with a protocol name specified, or is another server that cannot handle an SSLv2 client-hello.


When using Camellia ciphers in COMPAT mode, configure "No SSLv2" in the ServerSSL profile's options list.
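
To check from a server-side packet capture whether the workaround took effect, the first bytes of the client flight show whether the client-hello uses SSLv2 framing or a TLS record. The following is an added example, not F5 code; the function name and both sample byte strings are constructed for illustration and were not captured from a BIG-IP.

```python
# IANA-registered RSA key-exchange Camellia suites (TLS values).
CAMELLIA = {0x0041: "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",
            0x0084: "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"}

def classify_client_hello(data: bytes) -> dict:
    """Report the framing, offered version and Camellia suites of a ClientHello."""
    if len(data) < 11:
        raise ValueError("need at least 11 bytes of the first client flight")
    if data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 framing: 2-byte header with the high bit set, then CLIENT-HELLO (1),
        # version, cipher-spec length, session-id length, challenge length.
        version = int.from_bytes(data[3:5], "big")
        spec_len = int.from_bytes(data[5:7], "big")
        specs = data[11:11 + spec_len]
        if spec_len % 3 or len(specs) != spec_len:
            raise ValueError("truncated or malformed SSLv2 cipher-spec list")
        # Cipher specs are 3 bytes; TLS suites are carried as 0x00 + 2-byte value.
        suites = [int.from_bytes(specs[i + 1:i + 3], "big")
                  for i in range(0, spec_len, 3) if specs[i] == 0]
        fmt = "sslv2"
    elif data[0] == 0x16 and data[5] == 0x01:
        # TLS record of type handshake (0x16) carrying a ClientHello (type 1).
        if len(data) < 44:
            raise ValueError("truncated TLS ClientHello")
        version = int.from_bytes(data[9:11], "big")
        pos = 11 + 32                  # skip the 32-byte random
        pos += 1 + data[pos]           # skip the session_id
        n = int.from_bytes(data[pos:pos + 2], "big")
        body = data[pos + 2:pos + 2 + n]
        if n == 0 or n % 2 or len(body) != n:
            raise ValueError("truncated or malformed TLS cipher-suite list")
        suites = [int.from_bytes(body[i:i + 2], "big") for i in range(0, n, 2)]
        fmt = "tls-record"
    else:
        raise ValueError("not a ClientHello in SSLv2 or TLS record framing")
    return {"format": fmt, "version": version,
            "camellia": [CAMELLIA[s] for s in suites if s in CAMELLIA]}

# Constructed sample: SSLv2-framed hello offering two Camellia suites and one AES suite.
SSLV2_SAMPLE = bytes.fromhex("8022" "01" "0301" "0009" "0000" "0010"
                             "000041" "000084" "00002f") + bytes(16)
# Constructed sample: TLS-record hello offering one Camellia suite.
TLS_SAMPLE = (bytes.fromhex("160301002d" "01000029" "0303") + bytes(32)
              + bytes.fromhex("00" "0002" "0041" "0100"))

if __name__ == "__main__":
    print(classify_client_hello(SSLV2_SAMPLE))
    print(classify_client_hello(TLS_SAMPLE))
```

A result of `"format": "sslv2"` together with a non-empty `camellia` list matches the condition this bug describes; after "No SSLv2" is set, the same capture point should show `tls-record`.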

Fix Information


Behavior Change
