Forum Discussion

Nimbostratus

Jan 12, 2009

Disable SSL 2.0

According to our security Auditor we need to disable SSl 2.0 support and support SSL 3.0 or TLS 1.0 instead. I have not found a place in the Client ssl to set this up. I found the following values in ...

Cirrostratus

Jan 13, 2009

You could also use an iRule to check the cipher used and redirect clients to a warning page explaining why they're being blocked if they don't meet your criteria. Here is an example:

Redirect On Weak Encryption (Click here)

The downside to using the client SSL profile options to do this is the client simply gets a TCP reset resulting in a 'page cannot be displayed' error in the browser.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)