Forum Discussion

Altostratus

Nov 21, 2017

BIG-IP SSL vulnerability CVE-2017-6168

Hi! We are reading the https://support.f5.com/csp/article/K21905460 new critical vulnerability, and one possible workaround is disabling RSA cipher (using the cipher string DEFAULT:!RSA). In yo...

Cirrostratus

Nov 21, 2017

RSA is the oldest most widely supported SSL/TLS key exchange. If you disable it, very old clients will not be able to handshake. The main one would be IE on XP.

When considering changing client SSL profile configuration, a good way to get an idea of how client will be affected is to use a test virtual server, and then test with Qualys SSL Labs server test: https://www.ssllabs.com/ssltest/

In the report, look for the "Handshake simulation" section. This reports the cipher used for a selection of browser and OS versions and any errors/warnings.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

BIG-IP SSL vulnerability CVE-2017-6168

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

Mitigating Log4j Vulnerability using F5 BIG-IP

Automating Certificate Management on F5 BIG-IP

BIG-IP security hardening and compliance checks

Introducing the F5 AI Assistant for BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS