For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Duncan_Proffitt's avatar
Duncan_Proffitt
Icon for Altostratus rankAltostratus
Apr 12, 2018

Configure for legacy SSL cipher suite

LTM & ASM provisioned   Since the upgrade from 12.1.2 to 13.1.0.4 one of my customers has not been able to access their app.   The customer is using XP and Internet Explorer 8. When the upgrad...
application delivery
LTM
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Apr 12, 2018

Duncan,

 

What's your current client ssl configuration for the VIP (I assume this didn't change during the upgrade)? From this URL Wikipedia WXP and IE 8 only supports TLS 1.0, 3DES and RC4. In the "Default" SSL profiles in v12 there was a 3DES cipher, but this is no longer present in the "Default" profile for v13.

 

Once you've found the ciphers you need you would follow this link Configuring the cipher strength for SSL profiles to create the cipher string. For example, if you were using the default clientssl profile, then creating a new, custom, clientssl profile and amending the string to be 'DEFAULT:3DES:!ADH:!EXP:!SSLv3:!LOW' would add 3DES support. Would advise to be cautious though when adding less secure ciphers.

 

Hope this helps,

 

N