For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Asim_Afzal_1147's avatar
Asim_Afzal_1147
Icon for Nimbostratus rankNimbostratus
Apr 17, 2016

how to see SSLv3 is disable or not

Hi Team,   how i will check that SSLv3 is disable or not on my F5 box   Firmware version is 11.5.1  
BIG-IP
devops
LTM
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Apr 17, 2016

Local Traffic -> Profiles -> Client-SSL -> YourSSLProfileName

Check under advanced settings, if Cipher configuration is 

DEFAULT
, then SSLv3 is disabled (because your BigIP version is v11.5.1)

This SOL lists out the SSL/TLS versions and cipher suites in the DEFAULT string per BigIP version: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

If you want to be sure, you can use the openssl tool to attempt to establish a session using SSLv3: 

openssl s_client -connect devcentral.f5.com:443 -ssl3
- replace 'devcentral.f5.com' with your website FQDN.

You should receive a SSL handshake error similar to the one below. However, if you get a 

Session Established
response, SSLv3 is enabled.

CONNECTED(00000003)
4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:s3_pkt.c:1472:SSL alert number 40
4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---