Forum Discussion

Nimbostratus

Feb 26, 2015

HTTPS monitor configuration and TLS on v10.2.4 HF10

Hi. We are trying to configure a health monitor to use TLSv1, TLSv1.1 & TLSv1.2 instead of SSLv3 but are having issues getting the monitor to respond. Using ssldump from the LTM command line shows ...

Cirrostratus

Feb 26, 2015

It does solve your issue (which perhaps isn't solvable with this version) but see this article: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

Quote:

Outbound connections Many outbound connections are made by BIG-IP, including monitors. These may use SSLv3, but are not full fledged browsers and make single connections rather than the multiple transactions required for the attack. We believe these connections are not vulnerable.

Based on information here: https://support.f5.com/kb/en-us/solutions/public/11000/400/sol11444.html there are only two ciphers that are exclusively non SSLv3. Perhaps try the NATIVE cipher string and see if that helps, although it looks to me like the two stated are included in your current cipher string.

I wonder if your server implementation actually has the necessary support?

Forum Discussion

HTTPS monitor configuration and TLS on v10.2.4 HF10

Recent Discussions

Error while running ansible

URL

Portal Access to HTTPS resources slow

HOW TO HIRE A HACKER TO RECOVER STOLEN BITCOIN. CONTACT FASTFUND RECOVERY

Big-IP Next 20.2.0-2.375.1+0.0.43 iRule count problem

Related Content

F5 Distributed Cloud - Regional Edge Health Monitoring Insights

Getting Started with BIG-IP Next: Configuring Instance High Availability

Health monitor question

F5 BIG-IP SSL Orchestrator Configuration with Advanced WAFaaS

HTTP Monitor