Forum Discussion
1 Reply
Sort By
- Hannes_RappNimbostratus
Local Traffic -> Profiles -> Client-SSL -> YourSSLProfileName
Check under advanced settings, if Cipher configuration is
, then SSLv3 is disabled (because your BigIP version is v11.5.1)DEFAULT
This SOL lists out the SSL/TLS versions and cipher suites in the DEFAULT string per BigIP version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
If you want to be sure, you can use the openssl tool to attempt to establish a session using SSLv3:
- replace 'devcentral.f5.com' with your website FQDN.openssl s_client -connect devcentral.f5.com:443 -ssl3
You should receive a SSL handshake error similar to the one below. However, if you get a
response, SSLv3 is enabled.Session Established
CONNECTED(00000003) 4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40 4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes ---