Forum Discussion

amalhotra_6478's avatar
amalhotra_6478
Icon for Nimbostratus rankNimbostratus
Jan 09, 2016

disable sslv3 on httpd(gui configuration)-ltm version 10.2.4

Hi The command below ‘’bigpipe httpd sslciphersuite 'ALL:!ADH:!SSLv2:!SSLv3:!EXPORT40:!EXP:!LOW:!MEDIUM'’ is valid for the version 10.x It is throwing error and not accepted on ltm running 10.2.4 Found out on F5 documentation Beginning in BIG-IP 10.1.0, SSLv2 is disabled at the protocol level. Therefore, it is not necessary to disable the SSLv2 cipher in 10.1.0 and later. So do I need to remove sslv2 and apply on sslv3, wanted to make sure before requesting another change window. Could not find any example in Dev/documentation where SSLV3 is being disabled, all examples shows disabling sslv2. Does it mean sslv3 disabled is not supported for httpd. any insight Thanks

 

2 Replies

  • Pascal_Tene_910's avatar
    Pascal_Tene_910
    Historic F5 Account

    To disable SSLv3 on 10.2.4 GUI. you must be running BIG-IP 10.2.4 HF10 or later.

     

    tmsh modify /sys httpd ssl-protocol "all -SSLv2 -SSLv3"

     

    tmsh save /sys config