Block SSL V3 Traffic.

Question

Hi Team, &nbsp;
When i did external scan of URL. I found my site is vulnerable with SSLV3. Can any one help me to block it. &nbsp;
This server may be vulnerable: SSLv3 is enabled
--&gt;This server uses SSLv3, which is a vulnerable protocol. Disable SSLv3 and use TLS 1.0 or higher.&nbsp;
Browser compatibility is at risk --&gt;
Modern browsers may not trust certificates signed using a SHA-1 hash algorithm. Contact your Certificate Authority to replace SHA-1 certificates installed on the server with SHA-256 certificates.&nbsp;
Your server cannot be scanned for the Poodle (TLS) vulnerability --&gt;
Try the certificate installation check again.&nbsp;
Thank you&nbsp;

nathe · Answer

Samir,&nbsp;
Couple of ways - this assumes you have a client ssl profile on the virtual server and you are terminating SSL at the bigip (even if you are re-encrypting to the pool members).&nbsp;
Configure the Ciphers section. If it's currently DEFAULT then change to DEFAULT:!SSLv3Configure the client ssl Options List. You should see a "No SSLv3" item you can enable.
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

Block SSL V3 Traffic.

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Software Downgrade from version 17.x.x to 15.x.x

Error diskmonitor

CPU utilization of F5OS on r2600

sslprovide (--f5 ssl) does not generate CLIENT/SERVER_TRAFFIC_SECRET on server-side TLS traffic

Hardware replacement i2800 to r2600

Related Content

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Block traffic

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

SSL Orchestrator Advanced Use Cases: Custom Blocking Pages

Rate Limiting SSL VPN User Traffic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS