Forum Discussion
Kiran_145850
Feb 17, 2015Nimbostratus
Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"
Need one information regarding addition of cipher suite to the existing client ssl profile .
Due to poodle vulnerability changed the cipher suite from default to RC4-SHA . Currently need to add one m...
MegaZone
Feb 18, 2015SIRT
Note that if you add this cipher and you're still running 11.4.1 HF3 you will make yourself vulnerable to CVE-2014-8730 (TLS POODLE) - see SOL15882.
I'd recommend upgrading to a fixed version, such as 11.4.1 HF8, which has a code fix for this. Then you could go back to a string such as "DEFAULT:!SSLv3" (you still need to disable SSLv3 for POODLE). SSLv2 is disabled by default, so you don't need !SSLv2 - but using it doesn't hurt.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects