Forum Discussion

Nimbostratus

Jan 12, 2009

Disable SSL 2.0

According to our security Auditor we need to disable SSl 2.0 support and support SSL 3.0 or TLS 1.0 instead. I have not found a place in the Client ssl to set this up. I found the following values in ...

Cirrostratus

Jan 13, 2009

You could also use an iRule to check the cipher used and redirect clients to a warning page explaining why they're being blocked if they don't meet your criteria. Here is an example:

Redirect On Weak Encryption (Click here)

The downside to using the client SSL profile options to do this is the client simply gets a TCP reset resulting in a 'page cannot be displayed' error in the browser.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Disable SSL 2.0

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

F5 DNS Logs in JSON Format

Geo location update

Help with an iRule to disconnect active connections to Pool Members that are "offline"

block a specific user

ASM/AWAF declarative policy

Related Content

SSL Offload with HTTP/2.0

behavior of SSL::disable serverside

OAuth 2.0 Dynamic Client Registration

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

HTTP 2.0 changes everything

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS