how to see SSLv3 is disable or not

Nimbostratus

Apr 17, 2016

Local Traffic -> Profiles -> Client-SSL -> YourSSLProfileName

Check under advanced settings, if Cipher configuration is

DEFAULT

, then SSLv3 is disabled (because your BigIP version is v11.5.1)

This SOL lists out the SSL/TLS versions and cipher suites in the DEFAULT string per BigIP version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

If you want to be sure, you can use the openssl tool to attempt to establish a session using SSLv3:

openssl s_client -connect devcentral.f5.com:443 -ssl3

- replace 'devcentral.f5.com' with your website FQDN.

You should receive a SSL handshake error similar to the one below. However, if you get a

Session Established

response, SSLv3 is enabled.

CONNECTED(00000003)
4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---

Forum Discussion

how to see SSLv3 is disable or not

Recent Discussions

Deploying F5 WAF in front of Azure Web App Services

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

Related Content

Disable below cipher

CVE-2014-3566: Removing SSLv3 from BIG-IP

Disabling Weak Ciphers

TLS_FALLBACK_SCSV and tmsh syntax for disabling SSLv3

SSLv3 POODLE mitigation recommendations