F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Virtualrana_132's avatar
Virtualrana_132
Icon for Nimbostratus rankNimbostratus
Oct 28, 2014

Disabled SSLv3 but still connects. Do I have to enable anything else to Disable SSLv3?

Hi,   Platform: F5 LTM v11.4   I have Disabled SSLv3 in the ciphers "DEFAULT:!SSLv3", but when I run "openssl s_client -connect www.$clientsite.com.au:443 -ssl3" from a remote box, it still con...
security
TMSH
Virtualrana_132's avatar
Virtualrana_132
Icon for Nimbostratus rankNimbostratus
Oct 28, 2014

It is disabled on the client ssl Profile. My understanding is, when it says "CONNECTED(00000003)" it is connected on port 443. I was looking for "routines:alert handshake failure", but as you can see in the output in my initial post, it wasn't generating that error.

 

As my other testing says SSLv3 is disabled for that site, I am convinced that the site is no longer vulnerable to POODLE, but I am curious why "openssl s_client -connect www.$clientsite.com.au:443 -ssl3" doesn't give me an Handshake error. I would appreciate any explanation as my linux/Command knowledge is not that great.

 

================================

 

SSL-Session: Protocol : TLSv1.1

 

Cipher    : RC4-SHA

Session-ID: 861A650AAFF7F48960489067695E1BBA64D861B0E5D3ACEF520973FF2854C965

Session-ID-ctx:

Master-Key: 
130EDF4766DEDF908B0050E207C7C5827592458871C8A5196843E4666446C47BF71FA35801DDF0142043125E853E67A4

Key-Arg   : None

PSK identity: None

PSK identity hint: None

SRP username: None

Start Time: 1414550303

Timeout   : 300 (sec)

Verify return code: 21 (unable to verify the first certificate)