For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Micros_88999's avatar
Micros_88999
Icon for Nimbostratus rankNimbostratus
Mar 25, 2014

How to force pool HTTPS monitoring to use only SSLv3 or TLS1.0

We have an issue where the pool monitors the pool members on port tcp/443 SSL. - The pool member server only allowing TLS1.0 - The virtual server (Server SSL profile) is set to allow only SSLv3.   ...
application delivery
availability
LTM
management
TMOS
Micros_88999's avatar
Micros_88999
Icon for Nimbostratus rankNimbostratus
Jan 09, 2015

Does not work for me.

 

No matter if I specify SSLv3 in the custom monitoring, cipher list, it still uses TLS1.2

 

Plus it seems if I specify something incorrect (like ssl3), f5 device accepts it but then not sending Client Hello.

 

Just to clarify, setting SSLv3 seems to be correct as f5 sends Client Hello, but it uses TLS1.2.

 

  • JRahm_128324's avatar
    JRahm_128324
    Historic F5 Account
    Jan 09, 2015
    what is your current cipher string? Can you try '!TLSv1.2:!TLSv1.1:!TLSv1:SSLv3' If that doesn't work, I'd open a case with support, this might be a bug.