JG
Oct 21, 2014Cumulonimbus
Disabling SSLv3 for Configuration Utility.
I tried to follow the instructions in SOL15702: SSLv3 vulnerability CVE-2014-3566 to disable SSLv3 for the Configuration Utility (BIG-IP v11.6.0).
Changing, i.e. removing SSLv3, by appending ":!SSLv3" or ":-SSLv3" to the ciphersuite led to my Firefox (v33) giving the following error:
"An error occurred during a connection to example.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)"
and I could no longer connect to the CU. I have since reversed the change.
After looking into "/etc/httpd/conf.d/ssl.conf", I have found that it seems that what should be changed is "SSLProtocol" rather than "SSLCipherSuite".