Forum Discussion
Pascal_Tene_910
Dec 27, 2014 · Historic F5 Account
The issue for CVE-2014-8730 is not that there is a problem with TLS 1.x. Rather, there is a problem in the implementation of padding when using block ciphers in CBC mode. That is why it is recommended to use RC4, which is a stream cipher, or to use block ciphers only in GCM (Galois Counter Mode), which does not use CBC mode.
The best solution at the moment is to upgrade to a version where the padding issue is fixed. Currently, 11.5.1 HF7, 11.4.1 HF7 (yes, HF7) or 11.6.0 HF3 are the versions I would recommend. CVE-2014-8730 is fixed in these versions; then you will just need to disable SSLv3 for the configuration utility, as suggested in SOL15702, in order to mitigate POODLE.
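
The padding rule at issue, as an added example that is not part of the original post and not F5's code: TLS 1.x requires every padding byte of a decrypted CBC record to equal the padding-length byte, whereas an SSLv3-style check looks only at the length byte. The function names, the 20-byte MAC length and the sample records are constructed for illustration.

```python
import hmac

BLOCK = 16    # AES block size in bytes
MAC_LEN = 20  # assumed MAC length (HMAC-SHA1) for the constructed records


def lax_padding_ok(plaintext: bytes, mac_len: int = MAC_LEN) -> bool:
    """SSLv3-style check: only the final padding-length byte is examined."""
    if len(plaintext) < mac_len + 1:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 + mac_len <= len(plaintext)


def tls_padding_ok(plaintext: bytes, mac_len: int = MAC_LEN) -> bool:
    """TLS 1.x check: every padding byte must equal the padding-length byte."""
    if len(plaintext) < mac_len + 1:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 + mac_len > len(plaintext):
        return False
    padding = plaintext[-(pad_len + 1):]
    expected = bytes([pad_len]) * (pad_len + 1)
    # compare_digest does not stop at the first mismatching byte
    return hmac.compare_digest(padding, expected)


def make_record(data: bytes, mac: bytes, corrupt: bool = False) -> bytes:
    """Constructed decrypted record: data || MAC || padding || pad_len."""
    body = data + mac
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    fill_byte = pad_len ^ 0xFF if corrupt else pad_len
    return body + bytes([fill_byte]) * pad_len + bytes([pad_len])


# Constructed sample input: 16 bytes of data and a dummy 20-byte MAC.
DATA = b"GET / HTTP/1.1\r\n"
MAC = b"\xaa" * MAC_LEN
GOOD = make_record(DATA, MAC)                # padding bytes all equal pad_len
BAD = make_record(DATA, MAC, corrupt=True)   # same length byte, wrong fill

if __name__ == "__main__":
    for name, rec in (("well-formed", GOOD), ("corrupted fill", BAD)):
        print(f"{name}: lax={lax_padding_ok(rec)} strict={tls_padding_ok(rec)}")
```

A stack that accepts the corrupted record under a TLS 1.x session is applying the lax check, which is the condition the fixed versions listed above correct.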