Bug ID 505003: SSLv3 is disabled by default on the management interface of BIG-IP on AWS Marketplace

Last Modified: Mar 12, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Opened: Feb 05, 2015
Severity: 4-Minor

Symptoms

SSLv3 has known security issues. To make BIG-IP more secure on AWS, it is disabled by default on the management and data interfaces. This can cause legacy client connections which require SSLv3 to fail.

Impact

Legacy client connections that require SSLv3 might fail.

Conditions

SSLv3 disabled on management interface of BIG-IP on AWS Marketplace.

Workaround

F5 does not recommend changing the default SSL profiles, but they can be configured per K13171: Configuring the cipher strength for SSL profiles (11.x), https://support.f5.com/csp/article/K13171, and K17370: Configuring the cipher strength for SSL profiles (12.x - 13.x), https://support.f5.com/csp/article/K17370.

Fix Information

None

Behavior Change