Bug ID 802245: When HTTP/2 is negotiated, if the provided cipher suite list cannot be matched, then the last one will be selected.

Last Modified: Oct 16, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,, 15.0.0, 15.0.1,,,,

Fixed In:

Opened: Jul 03, 2019

Severity: 3-Major


The last provided cipher suite in the list is chosen if HTTP/2 is negotiated and not matched.


The least-secure cipher suite would be selected.


-- HTTP/2 negotiation is enabled. -- The provided cipher suites are not matched.


Put the most secure cipher suite in the end of the list.

Fix Information

Now the most secure cipher suite is selected regardless of the order in the list.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips