Forum Discussion

Samir_Jha_52506
May 05, 2015

Block SSL V3 Traffic.

Hi Team,

 

When I did an external scan of the URL, I found my site is vulnerable with SSLv3. Can anyone help me to block it?

 

This server may be vulnerable: SSLv3 is enabled --> This server uses SSLv3, which is a vulnerable protocol. Disable SSLv3 and use TLS 1.0 or higher.

 

Browser compatibility is at risk --> Modern browsers may not trust certificates signed using a SHA-1 hash algorithm. Contact your Certificate Authority to replace SHA-1 certificates installed on the server with SHA-256 certificates.

 

Your server cannot be scanned for the Poodle (TLS) vulnerability --> Try the certificate installation check again.

 

Thank you

 

1 Reply

  • nathe

    Samir,

     

    A couple of ways. This assumes you have a client SSL profile on the virtual server and you are terminating SSL at the BIG-IP (even if you are re-encrypting to the pool members).

     

    1. Configure the Ciphers section. If it's currently DEFAULT then change to DEFAULT:!SSLv3
    2. Configure the client ssl Options List. You should see a "No SSLv3" item you can enable.

    Hope this helps,

     

    N
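
An offline check for the two settings named in the reply above (a `!SSLv3` cipher exclusion or the "No SSLv3" option), added here as an example and not part of the thread. The `bigip.conf`-style stanzas are constructed, the profile names are hypothetical, and the stanza layout and the `no-sslv3` keyword are assumed to match your BIG-IP version; a setting inherited from a parent profile that is not in the text counts as unset, so that profile is reported for manual review.

```python
import re

# Constructed sample in bigip.conf style; profile names are hypothetical.
SAMPLE_CONF = """\
ltm profile client-ssl /Common/base_tls {
    ciphers DEFAULT:!SSLv3
    defaults-from /Common/clientssl
}
ltm profile client-ssl /Common/shop_child {
    defaults-from /Common/base_tls
}
ltm profile client-ssl /Common/legacy {
    ciphers DEFAULT
    defaults-from /Common/clientssl
}
ltm profile client-ssl /Common/by_option {
    ciphers DEFAULT
    options { dont-insert-empty-fragments no-sslv3 }
}
"""

STANZA = re.compile(r"^ltm profile client-ssl (\S+) \{\n(.*?)^\}", re.M | re.S)
KEYS = ("ciphers", "defaults-from", "options")

def parse_profiles(conf):
    profiles = {}
    for name, body in STANZA.findall(conf):
        pairs = (line.strip().partition(" ") for line in body.splitlines())
        profiles[name] = {k: v for k, _, v in pairs if k in KEYS}
    return profiles

def effective(profiles, name, key):
    """Follow defaults-from until some profile sets `key`; None if none does."""
    seen = set()
    while name in profiles and name not in seen:  # `seen` guards against loops
        seen.add(name)
        if key in profiles[name]:
            return profiles[name][key]
        name = profiles[name].get("defaults-from")
    return None

def audit(conf):
    """Map each profile to True if either setting from the reply is in effect."""
    profiles, result = parse_profiles(conf), {}
    for name in profiles:
        ciphers = (effective(profiles, name, "ciphers") or "").lower().split(":")
        options = (effective(profiles, name, "options") or "").strip("{} ").split()
        result[name] = "!sslv3" in ciphers or "no-sslv3" in options
    return result
```

`audit(SAMPLE_CONF)` marks only `/Common/legacy` as still allowing SSLv3; a child profile that sets neither value is judged by what it inherits.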