NimbostratusHi Gavin, if you manually disable SSLv3 on the profile via the tmsh command line, does the change take immediately? iApps generally use tmsh to do their work, so if you still see the issue, it's not an iApp problem.
This minimal iapp proves that it works as an iapp template:
implementation {
iapp::conf create ltm profile client-ssl child defaults-from $::x__parent
}
presentation {
section x {
choice parent tcl {
iapp::get_items ltm profile client-ssl
}
}
}
With this template, I was able to create a profile based on clientssl, and then reconfigure with a parent that contains options { no_sslv3 }. The new iapp-created profile also had no_sslv3.
Galvin- In support of Mike's comment above, I would eliminate the iapp from the problem. Execute the following tmsh commands and if sslv3 traffic still flows, you have a much more concise case for F5 support.
(tmos) create ltm profile client-ssl parent1 options { no-sslv3 }
(tmos) create ltm profile client-ssl child1
(tmos) modify ltm profile client-ssl child1 defaults-from parent1