For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Moinul_Rony's avatar
Moinul_Rony
Icon for Altostratus rankAltostratus
Sep 04, 2014

How to disable CIPHER for and Disable TCP time stamp on F5 ?

Hi, We have just being chased by PCI Compliance about having vulnerabily that detected WEAK CIPHER support and TCP Timestamp being turned ON. --Report say our application: Negotiated with the fol...
application delivery
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Sep 04, 2014

i normally see people using cipher string from this sol if there is no special requirement.

 

sol13171: Configuring the cipher strength for SSL profiles (11.x)

 

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

 

for tcp timestamp, is it this one?

 

TCP timestamp response

 

http://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp

 

sol8072: Obtaining uptime information from TCP timestamps

 

http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8072.html

 

Moinul_Rony's avatar
Moinul_Rony
Icon for Altostratus rankAltostratus
Sep 06, 2014
Thanks, on another point PCI scan pointed out absense of "Forward Secrecy with the reference browsers". Can this be implemented/enforced via F5?