F5 High Prio SSLv3 issue CVE-2014-3566 15102014

CVE-2014-3566: Removing SSLv3 from BIG-IP

thanks for the reply shaggy

Is it applciable to both client and server profiles

anyone please help

The solution is applicable to both client-side and server-side profiles.

https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

"If you are running 11.5.0 or later, your default clientssl and serverssl profiles do not contain SSLv3 ciphers and SSLv3 cannot be negotiated. If your SSL profile derives from these profiles, your application is not vulnerable. On all versions, you can disable SSLv3 ciphers by adding the string “!SSLv3” to your clienssl or serverssl profile. The procedure to change your ciphers is well described in SOL 13171."

We had a environment where it was not possible to update the client which was running SSL 3.0 but was possible to update the ciphers via a configuration file. A mitigation in such a situation is to disable the CBC based ciphers and leave SSL 3.0 enabled.

Note that this will mitigate CVC-2014-3566 but may be weaker if you have other weaker ciphers. Just an option in case disabling SSL 3.0 is not possible due to other constraints.

but if i disable SSL v3 is it unsecured

ok we have few applications on sharepoint

So if i move it to TLS1.2 will the users be imapacted sicne we also have few i rules which are defined