how to see SSLv3 is disable or not

Question

Hi Team,&nbsp;
how i will check that SSLv3 is disable or not on my F5 box&nbsp;
Firmware version is 11.5.1&nbsp;

hannes_rapp · Answer

Local Traffic -&gt; Profiles -&gt; Client-SSL -&gt; YourSSLProfileName
Check under advanced settings, if Cipher configuration is DEFAULT, then SSLv3 is disabled (because your BigIP version is v11.5.1)
This SOL lists out the SSL/TLS versions and cipher suites in the DEFAULT string per BigIP version:
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html
If you want to be sure, you can use the openssl tool to attempt to establish a session using SSLv3: openssl s_client -connect devcentral.f5.com:443 -ssl3 - replace 'devcentral.f5.com' with your website FQDN.
You should receive a SSL handshake error similar to the one below. However, if you get a Session Established response, SSLv3 is enabled.
CONNECTED(00000003)
4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---

Forum Discussion

how to see SSLv3 is disable or not

1 Reply

Recent Discussions

Geo Fence in ASM through irule for URI

Chrome V 124+ on MacOS - Virtual Server Access Issue

google-visualization-issues

The best load balance method on this scenario?

SMS server with BIGIP

Related Content

Disable below cipher

Disabling Weak Ciphers

CVE-2014-3566: Removing SSLv3 from BIG-IP

TLS_FALLBACK_SCSV and tmsh syntax for disabling SSLv3

SSLv3 POODLE mitigation recommendations