Emad
May 21, 2015 | Cirrostratus
Logjam TLS Vulnerability
Any update from F5 about the Logjam TLS vulnerability, as the default SSL configurations do contain DHE and ECDHE key exchange?
Create a new profile and use the following cipher: NATIVE:!MD5:!EXPORT:!DES:!DHE:!EDH:!RC4:!ADH:!SSLv3:@SPEED
This will support all profiles included, exclude all the weak ones and order them in order of speed. (This set of options will support Forward Secrecy)
Inherit this profile for all your other profiles. You can replace NATIVE with DEFAULT and play around with this further to minimize the entries, since DEFAULT already excludes some options. To see what each option includes, use the command:
tmm --clientciphers
For example:
tmm --clientciphers DEFAULT
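
To check that a cipher string like the one above leaves no Logjam-relevant suites enabled, the listing can be filtered for finite-field DHE and EXPORT entries. This is an added example, not part of the original thread or of F5's tooling; the function names, the assumed column layout (index, ID, SUITE, BITS, PROT, METHOD, CIPHER, MAC, KEYX) and the sample listing are constructed for illustration.

```shell
# Flag Logjam-relevant suites in a `tmm --clientciphers` listing read on stdin.
# Assumption: columns are index, ID, SUITE, BITS, PROT, METHOD, CIPHER, MAC, KEYX.
logjam_suites() {
  awk '
    $1 !~ /^[0-9]+:$/ { next }   # skip the header row and blank lines
    {
      suite = $3; prot = $5; keyx = $NF; why = ""
      # Finite-field DHE appears as EDH/..., DHE/... or ADH; ECDHE is not matched.
      if (keyx ~ /^(EDH|DHE|ADH)/ || suite ~ /^(DHE|EDH|ADH)-/)
        why = "DHE key exchange"
      # EXPORT-grade suites are the downgrade target described for Logjam.
      if (suite ~ /^EXP/)
        why = (why ? why " + " : "") "EXPORT grade"
      if (why) printf "%s\t%s\t%s\n", suite, prot, why
    }'
}

# Constructed sample listing, not captured from a real device.
sample_listing() {
  cat <<'EOF'
       ID  SUITE                            BITS PROT    METHOD  CIPHER  MAC     KEYX
 0: 49199  ECDHE-RSA-AES128-GCM-SHA256      128  TLS1.2  Native  AES-GCM SHA256  ECDHE_RSA
 1:    51  DHE-RSA-AES128-SHA               128  TLS1    Native  AES     SHA     EDH/RSA
 2:    47  AES128-SHA                       128  TLS1    Native  AES     SHA     RSA
 3:    20  EXP-EDH-RSA-DES-CBC-SHA          40   SSL3    Native  DES     SHA     EDH/RSA
EOF
}

# Stand-alone run against the constructed sample; on a device, pipe the real
# listing instead, e.g.  tmm --clientciphers 'DEFAULT' | logjam_suites
sample_listing | logjam_suites
```

An empty result means the cipher string left no DHE or EXPORT suites in the listing.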