Demeter_Luo_168
Nov 11, 2015Nimbostratus
How to disable SSLv3 negotiation for the BIG-IP Configuration utility
Hi friends, I want to disable SSLv3 negotiations for the BIG-IP Configuration utility in Version 11.4.1 HF4. According to SOL17275,i have been suggested to upgrade the software version and disable SSLv3 negotiation using 'tmsh modify /sys httpd ssl-protocol "all -SSLv2 -SSLv3"'. link text However,we wasn't willing to upgrade its software version. Is there other method or actions to achive my expectation?
Reference: I look up much documents and found a seeming-like solution,guide me to restrict Configuration utility access to clients using high encryption SSL ciphers. link text However,i follow the example of sol13405 to restrict SSLv3 negotiation using the following CLI Command,
`tmsh modify /sys httpd ssl-ciphersuite 'ALL:!EXPORT40:!EXP:!LOW:!SSLv3'`
I execute the upper command and then run
tmsh save sys config
to save the updated configuration,i found there is a error,
Unexpected Error: Configuration cannot be saved unless mcpd is in the running phase. Save was canceled. See "show sys mcp" and "show sys service". If "show sys service" indicates that mcpd is in the run state, but "show sys mcp" is not in phase running, issue the command "load sys config" to further diagnose the problem.