Bug ID 529400: An SSL handshake can show `no ciphers selected' in some circumstances

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Jun 23, 2015

Severity: 3-Major

Related Article: K17577


If an SSL profile is configured with only RSA key/cert pair and only ecdhe-ecdsa ciphers are selected, the configuration did not show an error message. Subsequent SSL handshakes do not succeed and show 'no ciphers selected' error messages.


All SSL handshakes fail with `no cipher suite selected'.


Ecdhe-ecdsa ciphers are selected in the `ciphers' list, but no ecde-ecdsa key and cert is configured in the SSL profile.


When configuring an SSL profile, if an ecdhe-ecdsa cipher is selected in the 'ciphers' field, make sure ecdhe-ecdsa key/cert is also configured.

Fix Information

SSL profile configuration now displays an error message indicating configured key/cert type does not match the configured cipher suites.

Behavior Change

The system reports an error message if there are no usable ciphers of the client SSL profile, i.e., the cert/key type of cipher string do not match it or the configured cert/key. In the past the system did not report an error for this invalid configuration.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips