Bug ID 480039: Need to configure "No SSLv2" in ServerSSL profile when using Camellia ciphers

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.2, 12.1.1, 12.1.0, 12.0.0

Opened: Sep 18, 2014
Severity: 3-Major


When configuring COMPAT ciphers in ServerSSL profile and using Camellia ciphers to perform SSL connection with the backend server, bigip will initiate the client-hello with SSLv2 to the server, which is not supported by Camellia ciphers. If the server side is unable to handle it and ask for the right SSL version, it will stop the SSL handshake process.


Can't start the SSL connection.


1. When configuring COMPAT mode and using Camellia ciphers to connect with the backend server; and 2. When the backend server is performed by openssl and has protocol name specified, or other servers that can't handle sslv2 client-hello.


When using Camellia ciphers in COMPAT mode, please configure "No SSLv2" in the serverSSL profile options List.

Fix Information


Behavior Change