For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ST_Wong's avatar
ST_Wong
Icon for Cirrus rankCirrus
Oct 19, 2016

SSLv2/SSLv3

Hi, we're running LTM v12.0. Since some legacy applications only support only SSLv2/SSLv3, we try to take away !SSLv2 and -SSLv3 in default cipher list as following:   !EXPORT:DHE+AES-GCM:DHE+AE...
application delivery
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 19, 2016

Please take a look at the following:

 

https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

 

There are two important pieces of information to glean from this document.

 

  1. The COMPAT stack was completely removed in 12.0
  2. 12.0 does not include support for SSLv3 in the remaining NATIVE stack

Therefore to get SSLv3 support, you'll need to use 11.6.1 and below, and to get SSLv2 support, you'll need 11.6.0 and below. I would however implore you to NOT do this. SSLv2 and SSLv3 were removed from the box for very good reasons.