Bug ID 862557: Client-ssl profiles derived from clientssl-quic fail validation

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:

Fixed In:

Opened: Dec 16, 2019

Severity: 3-Major


After configuring a clientssl-quic profile, you get a validation error: 01b40001:3: A cipher group must be configured when TLS 1.3 is enabled (validation failed for profile /Common/clientssl-f5quic-udp).


You are unable to configure a clientssl profile to work with HTTP/3 + QUIC that is also customized to serve the right certificate, etc.


This can occur when using the clientssl-quic built-in profile to build a profile that can serve HTTP/3 over QUIC.


Modify the clientssl-quic profile to have the following properties: cipher-group quic ciphers none This requires the following additional config objects: ltm cipher group quic { allow { quic { } } } ltm cipher rule quic { cipher TLS13-AES128-GCM-SHA256,TLS13-AES256-GCM-SHA384 description "Ciphers usable by QUIC" }

Fix Information

Update the built-in configuration to pass validation.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips