Bug ID 811333: Upgrade fails when SSLv2 cipher is in the cipher list of an SSL profile

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 15.0.0

Fixed In:
15.1.0, 15.0.1, 14.1.2

Opened: Jul 31, 2019
Severity: 3-Major


After upgrade, configuration load fails and the following error is present in /var/log/ltm log: 01070312:3: Invalid keyword 'sslv2' in ciphers list for profile /Common/serverssl-insecure-compatible Unexpected Error: Loading configuration process failed.


The config is not loaded, and upgrade fails.


-- BIG-IP system with SSLv2 as ciphers option in SSL profile running software v12.x/v13.x. -- Upgrading to a version that reports an error when using SSLv2, such as v14.x/v15.x.


If you are encountering this after upgrading, run the following commands from the bash prompt: 1. Backup the configuration: #cp /config/bigip.conf /config/bigip_backup.conf 2. List the occurrences of 'sslv2' in the bigip.conf: #more bigip.conf | grep -i sslv2 3. Remove the SSLv2 references: #sed -i "s/\!SSLv2://g" /config/bigip.conf 4. Check to ensure there are no 'sslv2' references: #more bigip.conf | grep -i sslv2 5. Verify the configuration: #tmsh load sys config verify 6. Try loading the configuration: #tmsh load sys config

Fix Information

SSLv2 validation is removed from the configuration and upgrade succeeds.

Behavior Change