Enable SSLv3 for VIP on 11.5.1 HF7

Question

Hello All,&nbsp;
recently We upgraded HF7 from HF1 on one of our F5 , after this we observed it completely blocking SSLv3 . Can you please let me know if we have any option to enable SSLv3 for VIP configured under this F5 ?&nbsp;

kevin_stewart · Answer

The absolute easiest option is to modify the Ciphers option in the client SSL profile. SSLv3 is still supported in the NATIVE stack but was removed from the DEFAULT stack (a subset of NATIVE).
DEFAULT:SSLv3

But of course keep in mind that SSLv3 has recently been shown to have some pretty severe vulnerabilities and best practice is to avoid it if at all possible. At the very least also remove support for MD5 and DES-CBC-SHA, and potentially RC4:
DEFAULT:SSLv3:!MD5:!DES-CBC-SHA:!RC4

You can validate this list from the command line with the tmm --clientciphers tool:
tmm --clientciphers 'DEFAULT:SSLv3:!MD5:!DES-CBC-SHA:!RC4'

Forum Discussion

Enable SSLv3 for VIP on 11.5.1 HF7

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

SSLv3 POODLE mitigation recommendations

CVE-2014-3566: Removing SSLv3 from BIG-IP

iRule to stop SSLv3 connections

Future-Proofing Your Network: Enabling Quantum Ciphers on F5 BIG-IP TMOS 17.5.1

enable WebSocket profile.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS