CVE-2014-3566: Removing SSLv3 from BIG-IP

The POODLE (CVE-214-03566) vulnerability can force a client to negotiate SSLv3 instead of TLSv1.x ciphers. Then a BEAST-like attack can be conducted against SSLv3 to obtain information from the encry...
Updated Mar 18, 2022
Version 2.0
security
Mike_Dayton_108's avatar
Mike_Dayton_108
Icon for Nimbostratus rankNimbostratus
Feb 09, 2015
Before you disable SSLv3 on your servers, verify that the version you are running supports TLS monitors. Monitors run out of OpenSSL which is different from payload (unless you are using COMPAT which I believe forces the use of OpenSSL for payload as well. Run openssl ciphers -v 'ALL:!SSLv2' and see what is available for monitors.