Is !SSLv3 the same as No SSLv3 ?

Question

Hi everybody&nbsp;
I've some question about SSL profile.&nbsp;
Is !SSLv3 specify in cipher suite the same as "No SSLv3" option in SSL option?&nbsp;
Thank you very much &nbsp;

rupert_connell_ · Answer

No it is not!&nbsp;
!SSLv3 hard disables the SSLv3 ciphers.
No SSLv3 disables the SSLv3 protocol.&nbsp;
If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!&nbsp;
See here for reference: Cipher Suite Practices and Pitfalls&nbsp;

rupert_connell · Answer

No it is not!&nbsp;
!SSLv3 hard disables the SSLv3 ciphers.
No SSLv3 disables the SSLv3 protocol.&nbsp;
If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!&nbsp;
See here for reference: Cipher Suite Practices and Pitfalls&nbsp;

faruk_aydin · Answer

Yes, It is equivalent.&nbsp;

faruk_aydin · Answer

use : ALL:!SSLv2!SSLv3 and also disable weak ciphers.

boneyard · Answer

this one deserves a few upvotes to make sure it is on top.&nbsp;

Forum Discussion

Is !SSLv3 the same as No SSLv3 ?

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

CVE-2014-3566: Removing SSLv3 from BIG-IP

SSLv3 POODLE mitigation recommendations

iRule to stop SSLv3 connections

How much of my traffic is still SSLv3?

CVE-2014-3566: Removing SSLv3 from LineRate

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS