CVE-2014-3566: Removing SSLv3 from BIG-IP

The POODLE (CVE-214-03566) vulnerability can force a client to negotiate SSLv3 instead of TLSv1.x ciphers. Then a BEAST-like attack can be conducted against SSLv3 to obtain information from the encry...
Updated Mar 18, 2022
Version 2.0
security
Drew_Northup's avatar
Drew_Northup
Icon for Nimbostratus rankNimbostratus
Oct 15, 2014
Ciphers are not protocols. Disabling a "SSLv3" cipher is not the same as disabling the SSLv3 protocol. @Jason Rahm has the right idea, disable the whole SSLv3 protocol using the "No SSLv3" option in your base "clientssl" profile. That way it (should) automatically apply to everything the F5 provides offload for, no extra work needed.