Forum Discussion

Nimbostratus

Dec 22, 2014

New Cipher for TLS1.x Padding Vulnerability

Currently, we have our client ssl profile set with the following cipher string: !SSLv3:!SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@SPEED We have been tasked by our infoSec department to correct ...

application delivery

availability

BIG-IP Access Policy Manager (APM)

Cirrus

Dec 22, 2014

The POODLE vulnerability is only for CBC ciphers. '!SSLv3:RC4-SHA' would result in only RC4 ciphers and exclude SSLv3 which will cover the POODLE vulnerability. The only other issue with this is RC4 is also consider to be weak and soon to be considered insecure. I would recommend upgrading whenever you can to 11.5+ to get access to newer and string cipher such as GCM.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

New Cipher for TLS1.x Padding Vulnerability

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

CVE-2014-8730 Padding issue

OpenSSH vulnerability

Cipher Suite Practices and Pitfalls

Mitigating Log4j Vulnerability using F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS