Forum Discussion
Hannes_Rapp
Apr 17, 2016Nimbostratus
Local Traffic -> Profiles -> Client-SSL -> YourSSLProfileName
Check under advanced settings, if Cipher configuration is
DEFAULT
, then SSLv3 is disabled (because your BigIP version is v11.5.1)
This SOL lists out the SSL/TLS versions and cipher suites in the DEFAULT string per BigIP version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
If you want to be sure, you can use the openssl tool to attempt to establish a session using SSLv3:
openssl s_client -connect devcentral.f5.com:443 -ssl3
- replace 'devcentral.f5.com' with your website FQDN.
You should receive a SSL handshake error similar to the one below. However, if you get a
Session Established
response, SSLv3 is enabled.
CONNECTED(00000003)
4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---