For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dw_888_212625's avatar
dw_888_212625
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015

Mitigate BEAST vulnerable

For LTM version 11.5.3, using cipher DEFAULT:!RC4. if we would like to include the disabling of cipher TLS_RSA_WITH_3DES_EDE_CBC_SHA, how can this be done? Can we not remove DEFAULT:!RC4 ? do we need...
application delivery
availability
LTM
management
security
Brad_Parker_139's avatar
Brad_Parker_139
Icon for Nacreous rankNacreous
Oct 27, 2015

DEFAULT:!RC4:!RSA+3DES
should do the trick for you.

Brad_Parker_139's avatar
Brad_Parker_139
Icon for Nacreous rankNacreous
Oct 27, 2015
Disabling 3DES does not mitigate BEAST, but it is loosing popularity as being secure as it is considered to be effectively 112bit. The only way to mitigate BEAST server side is to disable TLSv1 if you also want to disable RC4. BEAST is considered to be "fixed" client side in all up-to-date browsers so it is considered to be the lesser of the two evils, RC4 and CBC TLSv1, if you need to still support TLSv1. What is your end goal with tweaking your cipher string?