BugZero | F5 BugID 442579 - Default list does not contain SSLv3 ciphers and ca...

F5 - Defect ID: 442579

Default list does not contain SSLv3 ciphers and cannot be added back.

F5 - Defect ID: 442579

Default list does not contain SSLv3 ciphers and cannot be added back.

Last updated on 5/29/2024

Overall: 6.26.2

Severity: 5.55.5

Community: 4.14.1

Lifecycle: 7.17.1

What is the BugZero Risk Score?

Vendor details

Priority: 5-Cosmetic
Status: Verified
Impact Category: Local Traffic Manager

Overall: 6.26.2

Severity: 5.55.5

Community: 4.14.1

Lifecycle: 7.17.1

What is the BugZero Risk Score?

Vendor details

Priority: 5-Cosmetic
Status: Verified
Impact Category: Local Traffic Manager

Symptoms

Starting from BIG-IP v11.5.0, SSLv3 ciphers are removed from DEFAULT ciphers in clientssl/serverssl profiles, and specifying "DEFAULT:SSLv3" in the cipher list does not work.

Impact

If you want to add it back, using "DEFAULT:SSLv3" does not work.

Conditions

Starting from v11.5.0, SSLv3 ciphers are removed from DEFAULT ciphers in clientssl/serverssl profiles

Workaround

clientssl profile uses: !SSLv2:!EXPORT:!MD5:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RC4 serverssl profile uses: !SSLv2:!EXPORT:!MD5:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES

Fix Information

Allow "DEFAULT:SSLv3" to add SSLv3 after DEFAULT.

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 442579

Default list does not contain SSLv3 ciphers and cannot be added back.

F5 - Defect ID: 442579

Default list does not contain SSLv3 ciphers and cannot be added back.

Last updated on 5/29/2024

Vendor details

Vendor details

Description

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 defects by risk score

Ready to prevent the next vendor outage?