F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Mar 26, 2024

CVE-2024-21410

does F5 has mitigation for CVE-2024-21410 ?  based on microsoft document we must disble ssl offloding with load balancer , as below  SSL Offloading scenarios Extended Protection isn't supported in...
application delivery
security
Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Mar 26, 2024

Hi THE_BLUE,

to my knowledge F5 does not provide an Attack Signature or a Threat Campaign that protects from CVE-2024-21410.

Extended Protection is supported in environments that use SSL Bridging under certain conditions. That should solve your issue.
IMHO the days of SSL offloading are anyhow over, also internal networks cannot be considered as secure any longer. Therefore, go for SSL Bridging.

KR
Daniel

THE_BLUE's avatar
THE_BLUE
Icon for Cirrostratus rankCirrostratus
Mar 26, 2024

Thank you for your clarification. 

How to enable ssl bridging ? what i should configure in WAF ? , if i enabled https (port 443) from client to WAF with client ssl  and enable http (port 80) from WAF to server (pool) and no server ssl profile. Does this achieve ssl bridging ? 

  • Paulius's avatar
    Paulius
    Icon for MVP rankMVP
    Mar 26, 2024

    THE_BLUE SSL bridging can be configured by using both the client and server SSL profile. By the end of this configuration the F5 will decrypt traffic using the SSL server profile and then re-encrypt using the SSL client profile.