Forum Discussion
3 Replies
- Dave_McCauley_3Cirrostratus
Are they saying a VIP on the device is configured for it, or the management GUI? Perhaps it's a generic message saying that the platform supports SSLv3 but not necessarily that you have it enabled?
Running tmm --clientciphers 'SSLv3' on a v13.1 VE shows that I could enable 20 different SSLv3 ciphers, but by default, the ssl cipher string doesn't have them listed.
If you have a non-custom cipher string in the ssl profiles in use, run that command with them in between the quotes to see what ciphers are configured.
- daveferrier_202Nimbostratus
Hi Dave. Thanks for the reply.
Actually they are pointing to a vip ip. and also complaining about the physical ip of the bigip.
I ran the tmm --clientciphers 'SSLv3' and tmm --clientciphers '3DES' and it came back with a similar response.
All of the ssl profiles in use are defined to use default settings.
I am going to try to negate the weak ciphers in specific profiles.
- Chris_GrantEmployee
Dave already answered this in part, but you can see all the supported ciphers here:
https://support.f5.com/csp/article/K13163
All default ciphers are listed here:
https://support.f5.com/csp/article/K13156
DES and SSLv3 are supported, but SSLv3 has been disabled by default for quite some time:
https://support.f5.com/csp/article/K15022