Forum Discussion

Nimbostratus

Feb 17, 2015

Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"

Need one information regarding addition of cipher suite to the existing client ssl profile . Due to poodle vulnerability changed the cipher suite from default to RC4-SHA . Currently need to add one m...

SIRT

Feb 18, 2015

Note that if you add this cipher and you're still running 11.4.1 HF3 you will make yourself vulnerable to CVE-2014-8730 (TLS POODLE) - see SOL15882.

I'd recommend upgrading to a fixed version, such as 11.4.1 HF8, which has a code fix for this. Then you could go back to a string such as "DEFAULT:!SSLv3" (you still need to disable SSLv3 for POODLE). SSLv2 is disabled by default, so you don't need !SSLv2 - but using it doesn't hurt.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"

Recent Discussions

VIP needed for many UDP ports

Creating Policy using Terraform

Unable to get Internet in server using SWG forward Proxy.

ASM don't block attack XSS

AWAF ADD-ON MODULE

Related Content

Cipher Suites Supported (12.1.5.3)

Cipher Suite Practices and Pitfalls

LTM Cipher rule

Disabling Weak Ciphers

Disable below cipher

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS