Forum Discussion

Cirrostratus

Mar 26, 2024

CVE-2024-21410

does F5 has mitigation for CVE-2024-21410 ? based on microsoft document we must disble ssl offloding with load balancer , as below SSL Offloading scenarios Extended Protection isn't supported in...

application delivery

security

Daniel_Wolf

MVP

Hi THE_BLUE,

to my knowledge F5 does not provide an Attack Signature or a Threat Campaign that protects from CVE-2024-21410.

Extended Protection is supported in environments that use SSL Bridging under certain conditions. That should solve your issue.
IMHO the days of SSL offloading are anyhow over, also internal networks cannot be considered as secure any longer. Therefore, go for SSL Bridging.

KR
Daniel

THE_BLUE

Cirrostratus

Mar 26, 2024

Thank you for your clarification.

How to enable ssl bridging ? what i should configure in WAF ? , if i enabled https (port 443) from client to WAF with client ssl and enable http (port 80) from WAF to server (pool) and no server ssl profile. Does this achieve ssl bridging ?

Paulius
MVP
Mar 27, 2024
THE_BLUE SSL bridging can be configured by using both the client and server SSL profile. By the end of this configuration the F5 will decrypt traffic using the SSL server profile and then re-encrypt using the SSL client profile.

Forum Discussion

CVE-2024-21410

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Re: Exchange server extended protection and BigIP

Log-in attacks, Ransomware gangs, Autohack with LLMs-Feb 18-24, 2024- F5 SIRT- This Week in Security

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS