For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kiran_145850's avatar
Kiran_145850
Icon for Nimbostratus rankNimbostratus
Feb 17, 2015

Adding Cipher suite "TLS_RSA_WITH_AES_128_CBC_SHA"

Need one information regarding addition of cipher suite to the existing client ssl profile . Due to poodle vulnerability changed the cipher suite from default to RC4-SHA . Currently need to add one m...
application delivery
cloud
LTM
management
security
vmware
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Feb 18, 2015

ALL ciphers except for RC4 are vulnerable to CVE-2014-8730. (AES-GCM is not, but BIG-IP doesn't support that until 11.5.0.) Unless you have a patched release (as per SOL15882) the ONLY non-vulnerable cipher is RC4. All other ciphers are CBC-mode, even if they don't have 'CBC' in the name, and all CBC ciphers are vulnerable.