Hello Lynn,
Yes, I knew that the Diffie-Hellman figures are not compatible.
Yes, this is a sample from the tim record:
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089325, package 19452351276, [172.16.83.254]: 3729 -> [172.16.80.88]: 443; ignoring more data
Wed 21 Feb 17:58:07 2018 6754 Tracking: w13: Version: TLS 1.2 CipherSuite - TLS_RSA_WITH_AES_128_CBC_SHA256 (60) [172.16.83.254]: 22955 -> [172.16.81.7]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 9 (too many TCP data out of service in queue), conn 76081672, package 19452352727, [172.16.83.254]: 34773 -> [172.16.80.238]: 443; ignoring more data
Wed Feb 21 17:58:07 2018 6754 Trace: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 47712 -> [172.16.80.170]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089328, package 19452353266, [172.16.83.254]: 47712 -> [172.16.80.170]: 443; ignoring more data
Wed 21 Feb 17:58:07 2018 6754 Tracking: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 55689 -> [172.16.80.225]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089329, package 19452353501, [172.16.83.254]: 55689 -> [172.16.80.225]: 443; ignoring more data
Wed Feb 21 17:58:07 2018 6754 Trace: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 19870 -> [172.16.80.135]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089330, package 19452354164, [172.16.83.254]: 19870 -> [172.16.80.135]: 443; ignoring more data
Wed 21 Feb 17:58:07 2018 6754 Tracking: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 49810 -> [172.16.80.66]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: red_process_package: error 10 (cipher set not supported), conn 76089332, package 19452355197, [172.16.83.254]: 49810 -> [172.16.80.66]: 443; ignoring more data
Wed 21 Feb 17:58:07 2018 6754 Tracking: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 28336 -> [172.16.80.108]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089331, package 19452355218, [172.16.83.254]: 28336 -> [172.16.80.108]: 443; ignoring more data
Wed 21 Feb 17:58:07 2018 6754 Trace: w13: version: TLS 1.2 CipherSuite - TLS_RSA_WITH_AES_128_CBC_SHA256 (60) [172.16.83.254]: 35235 -> [172.16.80.244]: 443
Wed Feb 21 17:58:07 2018 6754 Trace: w13: Version: TLS 1.2 CipherSuite - TLS_RSA_WITH_AES_128_CBC_SHA256 (60) [172.16.83.254]: 14706 -> [172.16.80.244]: 443
Wed 21 Feb 17:58:07 2018 6754 Trace: w13: Version: TLS 1.2 CipherSuite - Unknown (49192) [172.16.83.254]: 40771 -> [172.16.80.150]: 443
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslprint: Unknown CipherSuite - 49192
Wed 21 Feb 17:58:07 2018 6754! Warning: w13: sslinterface: network_process_packet: error 10 (unsupported ciphersuite), conn 76089335, package 19452356538, [172.16.83.254]: 40771 -> [172.16.80.150]: 443; ignoring more data
Wed Feb 21 17:58:07 2018 6754 Trace: w13: Version: TLS 1.2 CipherSuite - TLS_RSA_WITH_AES_128_CBC_SHA256 (60) [172.16.83.254]: 15745 -> [172.16.80.243]: 443
No, all the traffic between F5 and webservers has a hand-health check with Diffie-Hellman and it was already before Cloudflare was introduced
I think the problem is not in the static content caching. Yesterday, make a test, create a copy of a BT with low volume (login to the webpage). I defined the match with my access credentials and initially counted my income, but then they were more distant counts until I stopped counting, even though I continued to login on the webpage of my customer.