For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lupo_38935's avatar
Lupo_38935
Icon for Nimbostratus rankNimbostratus
Nov 06, 2009

mitigating the TLS client-initiated renegotiation MITM attack

I thought I'd share the iRule we use to mitigate one of the recently disclosed TLS attacks. Our focus lies on preventing the possible malicious data insertion during 'client-initiated renegotiation'. ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 20, 2011
F5 has provided a config option in the client SSL profile, called "Renegotiation" to prevent renegotiation by default:

 

 

 

SOL10737: SSL Renegotiation vulnerability - CVE-2009-3555 / VU120541

 

http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html

 

 

BIG-IP 10.1.0, BIG-IP 10.2.0

 

Introduce a clientssl / serverssl profile option to control whether midstream SSL renegotiation is allowed. For versions which include this CR, the default setting for the clientssl profile is disabled, and the default setting for the serverssl profile is enabled.

 

 

 

Aaron