Forum Discussion

Nimbostratus

Jan 13, 2009

Disable SSL 2.0

According to our security Auditor we need to disable SSl 2.0 support and support SSL 3.0 or TLS 1.0 instead. I have not found a place in the Client ssl to set this up. I found the following values in ...

Cirrostratus

Jan 13, 2009

You could also use an iRule to check the cipher used and redirect clients to a warning page explaining why they're being blocked if they don't meet your criteria. Here is an example:

Redirect On Weak Encryption (Click here)

The downside to using the client SSL profile options to do this is the client simply gets a TCP reset resulting in a 'page cannot be displayed' error in the browser.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Disable SSL 2.0

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

CNSA 2.0 Implementation Guide with OpenSSL: How to Build a Quantum-Resistant Certificate Authority

SSL Offload with HTTP/2.0

behavior of SSL::disable serverside

OAuth 2.0 Dynamic Client Registration

SSL 3.0.7 - Unsafe legacy renegotiation disabled on client side

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS