Forum Discussion

Nimbostratus

Jan 19, 2016

How to disable TLS_FALLBACK_SCSV extension?

Is there a way to disable the fallback protection for TLS. it makes SWG almost unusable? just logs full of Connection error: ssl_select_suite:5835: TLS_FALLBACK_SCSV with a lower protocol (86)...

Nimbostratus

Jan 20, 2016

I am trying to make SWG "go". but having lots of issues with TLS, i have only been packet caping the F5 to end server side but on all sites that are failing there is a protocol reneg requested. On the client side of the F5 we dont even get to SSL neg because the F5 to server fails first ( this is explicit proxy so F5 getting a proxy CONNECT).

If i modify the SSL profile i can find a configuration that will work with any particular site but then it will break other sites so i cant win.

It seems to me like the F5 is behaving like it is the server in the conversation when it is the client, clients are dumb they should just do what they are told....lol :)

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to disable TLS_FALLBACK_SCSV extension?

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 CIS, TLS Extensions, and troubleshooting

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

POODLE and TLS_FALLBACK_SCSV deep dive

TLS_FALLBACK_SCSV and tmsh syntax for disabling SSLv3

add /browerWeb Extension after domain name

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS