Forum Discussion

Nimbostratus

Feb 22, 2016

Logjam and FREAK using BIG-IP 9.4.3 - please help!

Hello Have a number of sites running on the old BIG-IP 9.4.3 box that business just does not want to upgrade We have mitigated the previous SSL vulnerabilities by setting the SSL profile ciphers to D...

Nimbostratus

Feb 23, 2016

You could try using profile string 'RSA+AES:!SSLv3' ..... That's about the only option you have I think

[a-dstout@ltm13:Active:In Sync] ~  tmm --clientciphers 'RSA+AES:!SSLv3'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0:    61  AES256-SHA256                    256  TLS1.2  Native  AES     SHA256  RSA       
 1:    53  AES256-SHA                       256  TLS1    Native  AES     SHA     RSA       
 2:    53  AES256-SHA                       256  TLS1.1  Native  AES     SHA     RSA       
 3:    53  AES256-SHA                       256  TLS1.2  Native  AES     SHA     RSA       
 4:    53  AES256-SHA                       256  DTLS1   Native  AES     SHA     RSA       
 5:    60  AES128-SHA256                    128  TLS1.2  Native  AES     SHA256  RSA       
 6:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA       
 7:    47  AES128-SHA                       128  TLS1.1  Native  AES     SHA     RSA       
 8:    47  AES128-SHA                       128  TLS1.2  Native  AES     SHA     RSA       
 9:    47  AES128-SHA                       128  DTLS1   Native  AES     SHA     RSA

That or decide that the business deserves to fall on its a** out of sheer ignorance lol

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)