Forum Discussion

GeoffSweet_3221's avatar
GeoffSweet_3221
Icon for Nimbostratus rankNimbostratus
Jan 16, 2009

Disable Anonymous Authentication for SSL

I have followed a couple of posts around trying to figure out how to make this change but so far without any luck. I have a medium priority call in with F5, but I figured while I am waiting for my ca...
config
design
swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Mar 30, 2015

Surprisingly there is no help available for this vulnerability for 11.6.0 Firmware version. However I was expecting that after disabling SSLv2/TLS1 this cipher suite will be disabled, however that wasn't fact.

I had to manually disable this particular cipher from the Client-SSL Profile.

Profile > SSL > Client > TestClientSSL
Ciphers - HIGH:!ADH

After updating the Client-SSL Profile, I verified the HTTPS service on Qualys and DigiCert's SSL Test site and it was fixed. I hope this would help someone.

Cheers!

Venomlace_13384's avatar
Venomlace_13384
Icon for Nimbostratus rankNimbostratus
Jul 15, 2015
within my Client SSL configurations I have this for Ciphers: NATIVE:!MD5:!EXPORT:!DES:!SSLv3:!RC4:@SPEED Do I add HIGH:!ADH within there or replace the entire string with it? Thanks!