Forum Discussion

Nimbostratus

Dec 12, 2014

POODLE Bites

This vulnerability will be affected only for those virtual servers for which you have associated the SSL Profiles. So, If we don't have any virtual servers associated the SSL Profiles but we use in-b...

Dmitri_Ch__1425

Cirrus

Dec 12, 2014

Hi Arun,

This URL may help: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

Starting with 11.5.0 DEFAULT cipher excludes SSLv3, so if you didn't have to explicitly enable it (to support older browsers) then it's not vulnerable.

You can disable SSLv3 on management GUI as described in Management plane section in the above link.

CVE-2014-8730 (POODLE 2.0) doesn't affect MGM GUI. More info is here: https://devcentral.f5.com/articles/cve-2014-8730-padding-issue-8151

Thanks.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)