Forum Discussion
mikeshimkus_111
Oct 14, 2016Historic F5 Account
Hi Gavin, if you manually disable SSLv3 on the profile via the tmsh command line, does the change take immediately? iApps generally use tmsh to do their work, so if you still see the issue, it's not an iApp problem.
- Fred_Slater_856Oct 14, 2016Historic F5 Account
This minimal iapp proves that it works as an iapp template: implementation { iapp::conf create ltm profile client-ssl child defaults-from $::x__parent } presentation { section x { choice parent tcl { iapp::get_items ltm profile client-ssl } } } With this template, I was able to create a profile based on clientssl, and then reconfigure with a parent that contains options { no_sslv3 }. The new iapp-created profile also had no_sslv3.
- Fred_Slater_856Oct 14, 2016Historic F5 Account
Galvin- In support of Mike's comment above, I would eliminate the iapp from the problem. Execute the following tmsh commands and if sslv3 traffic still flows, you have a much more concise case for F5 support.
(tmos) create ltm profile client-ssl parent1 options { no-sslv3 } (tmos) create ltm profile client-ssl child1 (tmos) modify ltm profile client-ssl child1 defaults-from parent1