Disabling SSLv3 for Configuration Utility.

Question

I tried to follow the instructions in SOL15702: SSLv3 vulnerability CVE-2014-3566 to disable SSLv3 for the Configuration Utility (BIG-IP v11.6.0).&nbsp;
Changing, i.e. removing SSLv3, by appending ":!SSLv3" or ":-SSLv3" to the ciphersuite led to my Firefox (v33) giving the following error:&nbsp;
"An error occurred during a connection to example.com. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)"&nbsp;
and I could no longer connect to the CU. I have since reversed the change.&nbsp;
After looking into "/etc/httpd/conf.d/ssl.conf", I have found that it seems that what should be changed is "SSLProtocol" rather than "SSLCipherSuite".&nbsp;

jg · Answer

I have just seen this one: CVE-2014-3566: Removing SSLv3 from BIG-IP, which is right!&nbsp;

jg · Answer

I have found that SOL15702 has since been updated with correct information.&nbsp;

Forum Discussion

Disabling SSLv3 for Configuration Utility.

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Solution for delayed BIG-IP page load of the Configuration utility

BIG-IP Configuration utility vulnerability CVE-2023-38138

BIG-IP Configuration utility unauthenticated remote code execution vulnerability CVE-2023-46747

F5 utilization

check the utilization on specific node