Forum Discussion

Cirrus

Oct 19, 2016

SSLv2/SSLv3

Hi, we're running LTM v12.0. Since some legacy applications only support only SSLv2/SSLv3, we try to take away !SSLv2 and -SSLv3 in default cipher list as following: !EXPORT:DHE+AES-GCM:DHE+AE...

application delivery

LTM

Kevin_Stewart

Employee

Oct 19, 2016

Please take a look at the following:

https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

There are two important pieces of information to glean from this document.

The COMPAT stack was completely removed in 12.0
12.0 does not include support for SSLv3 in the remaining NATIVE stack

Therefore to get SSLv3 support, you'll need to use 11.6.1 and below, and to get SSLv2 support, you'll need 11.6.0 and below. I would however implore you to NOT do this. SSLv2 and SSLv3 were removed from the box for very good reasons.

Forum Discussion

SSLv2/SSLv3

Recent Discussions

URL

Portal Access to HTTPS resources slow

HOW TO HIRE A HACKER TO RECOVER STOLEN BITCOIN. CONTACT FASTFUND RECOVERY

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

rewrite Azure AD response for portal access via web portal

Related Content

SSL client profile with no TLSv1 , No SSLV2 & No SSLv3 ?

report for sslv2 and sslv3

SSL Protocol Stats for SSLv2, SSLv3, TLS1.1 ad TLS1.2 connections with source

purpose of cipher set to DEFAULT and 'no-sslv2 no-sslv3' in options

Re: CVE-2014-3566: Removing SSLv3 from BIG-IP