F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Abi80_167352's avatar
Abi80_167352
Icon for Nimbostratus rankNimbostratus
Oct 17, 2014

F5 High Prio SSLv3 issue CVE-2014-3566 15102014

I am running bigip LTM version 10.2.4 and i believethis version is vulnerable to the MIM cuz of which i was adviced to switch over to TLS   My questions are   1) Does it apply to both client ...
security
Amit_Karnik's avatar
Amit_Karnik
Icon for Nimbostratus rankNimbostratus
Oct 20, 2014

We had a environment where it was not possible to update the client which was running SSL 3.0 but was possible to update the ciphers via a configuration file. A mitigation in such a situation is to disable the CBC based ciphers and leave SSL 3.0 enabled.

 

Note that this will mitigate CVC-2014-3566 but may be weaker if you have other weaker ciphers. Just an option in case disabling SSL 3.0 is not possible due to other constraints.