Log Message - ssl3_get_client_hello:no shared cipher / wrong version number
The message shows that a client tried to connect to a Virtual Service using SSL protocol SSLv3 but this has been disabled on the LoadMaster so the connection failed,
Log Message
<Date><Time><LM Hostname> vsslproxy: Client <Client IP> failed SSL negotiation: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
or
SSL routines:ssl3_get_client_hello:wrong version number
For example,
Jul13 11:54:37 Kemp01 vsslproxy: Client 54.198.0.97 failed SSL negotiation: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number
Check the IP addresses of the clients. If it is a valid client, SSLv3 can be enabled on the Loadmaster Virtual Service, however, this is against best practice as it is a weak protocol. Sites such as Qualys SSL labs used for checking website vulnerabilities, will also highlight this. If the client is not valid, you may need to look at using ACLs or Web Application Firewall (WAF) that can block known bad IPs. Details for WAF can be found here.
You can enable or disable SSLv3 on the Virtual Service under the SSL Properties option of the Virtual Service.
