Cipher Suites to Mitigate against Vulnerabilities

Question

Hi,&nbsp;
I would like to know how to mitigate against the below vulnerabilites, running code version 10.2.1 &nbsp;
TLSV1.X Poodle - CVE-2014-8730 SSLv3 Poodle - CVE-2014-3566Beast

vitaliy_savrans · Answer

Hi,&nbsp;
https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle&nbsp;
https://devcentral.f5.com/questions/beast-attack&nbsp;

samstep · Answer

First of all - have you got the latest Hotfix for 10.2.1?&nbsp;
Also note that some SSL-related vulnerabilities were only patched in SSL profiles starting from v10.2.4...&nbsp;
Check out these articles:&nbsp;
https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle&nbsp;
https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle&nbsp;
You can check how good your cipher config is using the SSL Labs test your websites: https://www.ssllabs.com/ssltest/&nbsp;
Hope this helps,&nbsp;
Sam&nbsp;

hannes_rapp · Answer

Sorry, not possible in v10.2.1 without the use of iRules. Can you upgrade the box to v10.2.4? If yes, I can share a cipher string which will give you a "B" rating in Qualys SSL Labs (this is the max you can get in v10).

Forum Discussion

Cipher Suites to Mitigate against Vulnerabilities

3 Replies

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Random TCP Resets from F5

Base64 decoding issue (JSON request)

F5 i-series Guests to r-series tenants migration

Block specific URL's in APM

Sizing calculation storage

Related Content

Mitigating Log4j Vulnerability using F5 BIG-IP

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Traffic Management User Interface Vulnerability: The Fix and Temporary Mitigation Options

Vulnerability Mitigation

WordPress Content Injection Vulnerability - ASM Mitigation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS