For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MODdev_119626's avatar
MODdev_119626
Icon for Nimbostratus rankNimbostratus
Mar 11, 2014

2-way SSL (Client) and Renegotiation

Greetings! We have clients that use 2-way SSL on some of their pages/paths. One of the clients has recently ran a security scan and asked us we remove SSL renegotiation from their profile. Disabling ...
Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent
Mar 11, 2014

On the SSL server profile, change Secure Renegotiation to 'require' or 'require strict' in order to disable insecure negotiation. Keep in mind that if the back end server isn't patched for this, it could break SSL connections through the LTM.

 

Cory_50405's avatar
Cory_50405
Icon for Noctilucent rankNoctilucent
Mar 12, 2014
The server should be patched for the SSL/TLS renegotiation vulnerability listed here: https://tools.ietf.org/html/rfc5746 If you need client certificate based authentication, I recommend you use proxy SSL. You enable it within both the client and SSL profiles. http://support.f5.com/kb/en-us/solutions/public/13000/300/sol13385.html