For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Gustavo_Lazarte's avatar
Gustavo_Lazarte
Icon for Nimbostratus rankNimbostratus
Jan 13, 2009

Disable SSL 2.0

According to our security Auditor we need to disable SSl 2.0 support and support SSL 3.0 or TLS 1.0 instead. I have not found a place in the Client ssl to set this up. I found the following values in ...
application delivery
dev
devops
iRules
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
Jan 13, 2009
You can disable SSLv2 in two places in the client SSL setup.

 

 

In the options, you can disable sslv2. (Select options, and then scroll down to 'No SSLv2' in the options list that appears. Select that & select 'Enable'. The 'No SSLv2' option will now be listed in the Enabled Options.

 

 

Or you can set no SSLv2 in the 'Ciphers' list. I usually set the clientssl profile (The one all other are usually set to inherit from) to

 

 

'DEFAULT,!SSLv2,!EXPORT56,!MD5'

 

 

Which disables SSLv2, disables 56-bit encryption (For some REALLY old IE browsers that can stepup from 40bit to 128, but can't do 56 to 128 bit step), and lastly disabled MD5 (Because it's broken - As in insecure not as in a bad implementation).

 

 

H