Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP All
Known Affected Versions:
11.4.0, 11.4.1, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0, 11.5.3 HF2, 11.4.1 HF9
Opened: Feb 16, 2015 Severity: 3-Major
If a saved configuration from an earlier version is used when launching an instance of BIG-IP v11.5.2 on AWS, then SSLv3 may be enabled on the management interface.
There are known security issues with SSLv3 and the BIG-IP software disables it by default with v11.5.2 on AWS. An enabled SSLv3 on the management interface might make the instance open to an attack, so after upgrading, configurations in which SSLv3 is enabled should be disabled before deploying.
Using configuration saved with version 11.5.2 (and earlier) on AWS.
Disable SSLv3 as documented here: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip, and in and in SOL15702: https://support.f5.com/kb/en-us/solutions/public/15000/700/sol15702.html.
SSLv3 is no longer enabled after loading a configuration saved with BIG-IP v11.5.2 or earlier, even if SSLv3 was enabled in the original configuration.