ST_Wong
Oct 19, 2016Cirrus
SSLv2/SSLv3
Hi, we're running LTM v12.0. Since some legacy applications only support only SSLv2/SSLv3, we try to take away !SSLv2 and -SSLv3 in default cipher list as following:
!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-RC4
However, seems SSLv2 is not offered (through some SSL tester). Finally we have to make the cipher list as something like that "COMPAT+SSLV2:SSLV3:TLSV1:TLSV1_1:TLSV1_2" (the VS is also used by some newer applications that supports TLSv1.1 and TLSV1.2.
Would like to know if there is a "less insecure" way to setup SSL client profile with such requirement?
Thanks a lot. Regards