Bug ID 507331: Using saved configuration with 11.5.2 on AWS may cause SSLv3 to be enabled.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP All(all modules)

Known Affected Versions:
11.4.0, 11.4.1, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.0.0, 11.5.3 HF2, 11.4.1 HF9

Opened: Feb 16, 2015

Severity: 3-Major


If a saved configuration from an earlier version is used when launching an instance of BIG-IP v11.5.2 on AWS, then SSLv3 may be enabled on the management interface.


There are known security issues with SSLv3 and the BIG-IP software disables it by default with v11.5.2 on AWS. An enabled SSLv3 on the management interface might make the instance open to an attack, so after upgrading, configurations in which SSLv3 is enabled should be disabled before deploying.


Using configuration saved with version 11.5.2 (and earlier) on AWS.


Disable SSLv3 as documented here: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip, and in and in SOL15702: https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html.

Fix Information

SSLv3 is no longer enabled after loading a configuration saved with BIG-IP v11.5.2 or earlier, even if SSLv3 was enabled in the original configuration.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips