need to disable SSLv3 on F5 LTM version 10.2.3 and 11.4.1

Question

Hi, I would like to know if I disable sslv3 in ciphers "DEFAULT:!SSLv3", would it impact our clients in accessing applications/urls.&nbsp;
want to be sure before implementing.&nbsp;

vj_singh_177738 · Answer

I want to disable sslv3 due to sslv3 vulnerability

lyonsg_85618 · Answer

It WILL stop users/clients that can only use SSLv3 from connecting to your virtual server. &nbsp;
Try looking at ClienTSSL stats to show percentage of SSLv3 connections - it shoudln't be many.&nbsp;
p.s. we applied an iRule that would send a response back to client advising them to upgrade browser.&nbsp;

vj_singh_177738 · Answer

Thanks for the information.&nbsp;
Like, Google chrome and firefox has already disabled sslv3. IE still allows but there are other option TLS1, 1.1 and 1.2. If we enable tls1,1.1 and 1.2, would it work fine then?&nbsp;
connection can be built with TLS versions as well.&nbsp;
Please correct me if I am wrong here?&nbsp;

lyonsg_85618 · Answer

Yes if you use something like DEFAULT:!SSLv3 this should block SSLv3 traffic and client should negotiate using TLS

Forum Discussion

need to disable SSLv3 on F5 LTM version 10.2.3 and 11.4.1

4 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

rSeries Configuration Backup

Questions on Migrating configs from iSeries to RSeries F5s

AST Configuration help

reading Client SSL Profile details via Ansible

Raise your hand if you'll be at AppWorld 2026

Related Content

Recommended Version

TMOS Version Update Paths

Disable below cipher

Disabling Weak Ciphers

Set HTTP version

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS