Forum Discussion
SSLv2/SSLv3
Hi, we're running LTM v12.0. Since some legacy applications only support SSLv2/SSLv3, we tried to take away !SSLv2 and -SSLv3 in the default cipher list as follows:
!EXPORT:DHE+AES-GCM:DHE+AES:DHE+3DES:RSA+AES-GCM:RSA+AES:RSA+3DES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+3DES:-MD5:-RC4
However, it seems SSLv2 is not offered (through some SSL tester). Finally, we had to make the cipher list something like "COMPAT+SSLV2:SSLV3:TLSV1:TLSV1_1:TLSV1_2" (the VS is also used by some newer applications that support TLSv1.1 and TLSv1.2).
Would like to know if there is a "less insecure" way to set up an SSL client profile with such a requirement?
Thanks a lot. Regards
- Kevin_Stewart
Employee
Please take a look at the following:
https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
There are two important pieces of information to glean from this document.
- The COMPAT stack was completely removed in 12.0
- 12.0 does not include support for SSLv3 in the remaining NATIVE stack
Therefore to get SSLv3 support, you'll need to use 11.6.1 and below, and to get SSLv2 support, you'll need 11.6.0 and below. I would however implore you to NOT do this. SSLv2 and SSLv3 were removed from the box for very good reasons.