For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SJoshi_230759's avatar
SJoshi_230759
Icon for Nimbostratus rankNimbostratus
Jul 28, 2016

Getting "server is vulnerable to a BEAST attack" message in SSL checker

Hi All, We have upgraded our SSL cert from SHA-1 to SHA-2. We have disabled both SSLv3 & RC4 in ciphers suit. After upgraded one of our VIP with new SSL cert, I have checked in SSL checker to determi...
application delivery
LTM
IainThomson85_1's avatar
IainThomson85_1
Icon for Cumulonimbus rankCumulonimbus
Aug 02, 2016

You've still got DES Cipher Suites enabled in your string. Thats what the checker is complaining about.

 

You'll need to negate this in your Client Side SSL profile.

 

  • SJoshi_230759's avatar
    SJoshi_230759
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2016

    Hi Ian, So I need to modify my ciphers config in SSL profile? DEFAULT:!SSLv3:!RC4:!DES >> should be my new ciphers? Please confirm.

     

  • IainThomson85_1's avatar
    IainThomson85_1
    Icon for Cumulonimbus rankCumulonimbus
    Aug 02, 2016

    So from your statement

     

    ""BEAST:This server is vulnerable to a BEAST attack Make sure you have the TLSv1.2 protocol enabled on your server. Disable the RC4, MD5, and DES algorithms. Contact your web server vendor for assistance""

     

    Your cipher suites still include DES Ciphers (MD5 aren't - so no need to disable those)

     

    The cipher string you've mentioned will work yes.