Micros_88999
Mar 25, 2014

How to force pool HTTPS monitoring to use only SSLv3 or TLS1.0

We have an issue where the pool monitors the pool members on port tcp/443 SSL.
- The pool member server is only allowing TLS1.0.
- The virtual server (Server SSL profile) is set to allow only SSLv3.

So in the above configuration, the connection would NOT work.

The server is marked available by the monitoring: when the pool first tests the server with SSLv3 the server resists, but then the pool tests again with TLS1.0, the server answers and is marked green. But actual traffic will arrive only on SSLv3.

What we would need: how to force pool monitoring to use only SSLv3 (so that it marks the server as down).

 

8 Replies

  • create a custom https monitor and specify the cipher list as only SSLv3

  • Does not work for me.

    No matter whether I specify SSLv3 in the custom monitor cipher list, it still uses TLS1.2.

    Plus, it seems that if I specify something incorrect (like ssl3), the f5 device accepts it but then does not send a Client Hello.

    Just to clarify, setting SSLv3 seems to be correct, as the f5 sends a Client Hello, but it uses TLS1.2.

    • JRahm_128324
      Historic F5 Account
      What is your current cipher string? Can you try '!TLSv1.2:!TLSv1.1:!TLSv1:SSLv3'? If that doesn't work, I'd open a case with support; this might be a bug.
  • '!TLSv1.2:!TLSv1.1:!TLSv1:SSLv3' does not work: no Client Hello, the f5 FINs the connection after the successful TCP 3-way handshake.

    If I set SSLv3, it sends the Client Hello, but with Version: TLS 1.2 (0x0303).

    When I tried to locate the issue, I also did some testing with the built-in cURL. I found that with cURL you can specify the protocol and the ciphers in two separate places, like:

    curl -1 --cipher "RC4:MD5" https://whatever
    where -1 means TLS1.0

    but you cannot specify the protocol in the --cipher option, like:

    curl --cipher "SSLv3" https://whatever

    I don't know exactly how monitoring works on the f5, but isn't it possible that - similar to cURL - we have only a "--cipher" field in the GUI, and don't have an "options" field? If yes, we would need one.

    We plan to use an external monitor, with something like curl -NksSf3 ..... where -3 means forcing SSLv3.

    Another addition: the built-in cURL version is 7.19.7 and does not support --TLSv1.0 --TLSv1.1 --TLSv1.2, only -1 (TLS1.0) and -3 (--SSLv3); the --TLSv1.x options are available only in cURL 7.34(?).

    We've upgraded from 11.4.1 to 11.5.1 HF5 (and are planning to upgrade to HF7), but the built-in cURL was not upgraded in the new version either.
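As an added illustration of the external-monitor route discussed in this thread (this script is not from the thread, from F5, or from any poster), here is what such a monitor could look like when built around the curl -3 / -1 flags mentioned above. The calling convention it follows is the standard one for F5 external monitors: the node address arrives as $1 (IPv4 nodes come as ::ffff:a.b.c.d), the port as $2, and any output on stdout means "up". The PROTO variable name, the pidfile location and the 5-second timeout are assumptions made for this example. The point of forcing a single version is that the monitor then fails exactly when the Server SSL profile would fail, so a TLS1.0-only member behind an SSLv3-only profile is marked down instead of green.

```shell
#!/bin/sh
# Hypothetical F5-style external monitor (added example, not from the thread or from F5).
# F5 runs an external monitor as: script <node> <port> [extra args], with the
# monitor's "Variables" exported as environment variables, and treats any stdout
# output as "up"; no output means "down".
#
# This version forces one SSL/TLS protocol version with curl so that the monitor
# only succeeds where the Server SSL profile would. PROTO (assumed name) selects
# the version; it defaults to sslv3 because that is the case in the thread.

# Strip the IPv4-mapped prefix F5 passes for IPv4 nodes (::ffff:10.1.1.1 -> 10.1.1.1).
normalize_node() {
    printf '%s\n' "${1#::ffff:}"
}

# Map a protocol name to the curl flag that forces that version.
# Only -3 (--sslv3) and -1 (--tlsv1) exist in the curl 7.19.7 the thread
# reports on the box; --tlsv1.1 / --tlsv1.2 need a newer curl, so they are
# deliberately not offered here. Returns non-zero for an unknown name.
proto_flag() {
    case "$1" in
        sslv3)      echo "-3" ;;
        tlsv1|tls1) echo "-1" ;;
        *)          return 1 ;;
    esac
}

# Build the curl command line (as one string) for node/port/protocol.
# -N no buffering, -k ignore cert validation, -s -S quiet but show errors,
# -f fail on HTTP errors, -o /dev/null discard the body.
build_cmd() {
    node=$(normalize_node "$1")
    port=$2
    flag=$(proto_flag "$3") || return 1
    echo "curl -N -k -s -S -f $flag --max-time 5 -o /dev/null https://${node}:${port}/"
}

# Turn a curl exit status into the monitor verdict. 0 means the handshake and
# the HTTP request both succeeded; curl exit 35 is "SSL connect error" (the
# handshake was refused, e.g. the forced version is not accepted), and any
# other non-zero status is treated as down as well.
verdict() {
    if [ "$1" -eq 0 ]; then echo up; else echo down; fi
}

# Only act as a monitor when F5 actually passes node and port; sourcing or
# running the file without arguments just defines the functions above.
if [ "$#" -ge 2 ]; then
    node=$1
    port=$2
    # Kill a previous instance still running against this member, as the
    # F5 sample external monitor does, so hung probes do not pile up.
    pidfile="/var/run/$(basename "$0").${node}_${port}.pid"   # assumed location
    if [ -f "$pidfile" ]; then
        kill -9 "$(cat "$pidfile")" >/dev/null 2>&1
    fi
    echo $$ > "$pidfile"

    cmd=$(build_cmd "$node" "$port" "${PROTO:-sslv3}") || { rm -f "$pidfile"; exit 1; }
    $cmd            # word-splitting the string is intended here
    rc=$?
    rm -f "$pidfile"

    # F5 marks the member up on any stdout output, so print only on success.
    [ "$(verdict "$rc")" = up ] && echo up
fi
```

Usage on the box would be: upload the script as an external monitor file, create an external monitor referencing it with PROTO=sslv3 in the Variables box, and assign it to the pool. The caveat the thread itself points to still applies: the flags above are limited to what the built-in curl 7.19.7 understands, so there is no way to force TLS1.1 or TLS1.2 with it.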