CVE-2014-3566: Removing SSLv3 from BIG-IP

The POODLE (CVE-214-03566) vulnerability can force a client to negotiate SSLv3 instead of TLSv1.x ciphers. Then a BEAST-like attack can be conducted against SSLv3 to obtain information from the encry...
Updated Mar 18, 2022
Version 2.0
security
Neha_51838's avatar
Neha_51838
Historic F5 Account
Oct 21, 2014
•Google intends to remove SSL 3.0 fallback support from its clients, such as Chrome (http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html) •Slack (https://twitter.com/SlackHQ/status/522287581862457345) and Twitter (https://twitter.com/twittersecurity/status/522190947782643712) no longer support SSL 3.0. •Mozilla (https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/) will kill Firefox’s support for SSL 3.0 in version 34, due November 25. •Tor (https://lists.torproject.org/pipermail/tor-talk/2014-October/035228.html), designed to aid online anonymity, does not in itself support SSL 3.0, but its Firefox-based browser does and will also need updating. The post gives instructions on disabling SSL 3.0 manually.