Forum Discussion

kridsana_52318's avatar
kridsana_52318
Icon for Nimbostratus rankNimbostratus
Mar 07, 2016

Is !SSLv3 the same as No SSLv3 ?

Hi everybody

 

I've some question about SSL profile.

 

Is !SSLv3 specify in cipher suite the same as "No SSLv3" option in SSL option?

 

Thank you very much

 

  • No it is not!

     

    !SSLv3 hard disables the SSLv3 ciphers. No SSLv3 disables the SSLv3 protocol.

     

    If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!

     

    See here for reference: Cipher Suite Practices and Pitfalls

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP

      this one deserves a few upvotes to make sure it is on top.

       

  • No it is not!

     

    !SSLv3 hard disables the SSLv3 ciphers. No SSLv3 disables the SSLv3 protocol.

     

    If you set !SSLv3, but not No SSLv3, the client may negotiate SSLv3 as protocol, then not be able to use any ciphers, since you have disabled them!

     

    See here for reference: Cipher Suite Practices and Pitfalls

     

    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP

      this one deserves a few upvotes to make sure it is on top.