Bug ID 442579: Default list does not contain SSLv3 ciphers and cannot be added back.

Last Modified: Oct 01, 2018

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0

Fixed In:
11.6.0, 11.5.1

Opened: Jan 09, 2014
Severity: 5-Cosmetic

Symptoms

Starting from BIG-IP v11.5.0, SSLv3 ciphers are removed from DEFAULT ciphers in clientssl/serverssl profiles, and specifying "DEFAULT:SSLv3" in the cipher list does not work.

Impact

If you want to add it back, using "DEFAULT:SSLv3" does not work.

Conditions

Starting from v11.5.0, SSLv3 ciphers are removed from DEFAULT ciphers in clientssl/serverssl profiles

Workaround

clientssl profile uses: !SSLv2:!EXPORT:!MD5:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES:ECDHE+RC4 serverssl profile uses: !SSLv2:!EXPORT:!MD5:RSA+AES:RSA+3DES:RSA+RC4:ECDHE+AES:ECDHE+3DES

Fix Information

Allow "DEFAULT:SSLv3" to add SSLv3 after DEFAULT.

Behavior Change