Over the last year, hopefully you haven’t been under a rock and have been aware of all the issues with SSL attacks. I’m sure this post will be outdated, and it isn’t the end-all and be all of fixing this, but it may help someone.

In the SSL profile section on the big ip, use the following:


This allows the default as set on your F5, allow TLS v1, TLS v1.2 and disallows SSLV3, SSLV2 and RC4. There are of course other vulns out there!