Forum Discussion
Thorsten_90558
Nimbostratus
NimbostratusiRule to mitigate TLS/SSL FREAK?
In before the crowd: Please respond if you have an iRule to mitigate the FREAK attack on TLS/SSL via RSA-EXPORT. (CVE-2015-0204 on OpenSSL, see also https://www.smacktls.com/freak and http://blog.cry...
Depending on the version of TMOS you're running you may not need to do anything, but I would disable it in the SSL profile rather than an iRule, these items should prevent it (I think): !MD5:!EXP:!EXPORT40
This article talks about disabling ciphers on the management plane: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip
shaggyNimbostratus
NimbostratusDepending on your BIGIP software level, the DEFAULT cipher-suite may already have you covered: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171
I believe the MD5 and EXPORT ciphers have been disabled in the DEFAULT cipher list since v10.2
Thorsten_90558Right you are, they do. That's excellent.