Forum Discussion

Nimbostratus

Sep 20, 2011

New web attack on SSL/TLS using BEAST

Hi there, In the link below, the POC mentioned injecting the js thru use of an iframe ad or just loading the BEAST js into browser, thereafter comes the second stage of sniffing and decrypti...

app sec

BIG-IP Access Policy Manager (APM)

security

BAMcHenry

Ret. Employee

Sep 22, 2011

Mitigating the initial attack vector, which is a combination of XSS and CSRF is the best bet. BIG-IP v11 does support TLS1.2. However, I do not think that FireFox, Safari, or Chrome support TLS 1.2 yet. And on Windows, only Vista/7 with IE8+ support TLS 1.2. So, there's a very large portion of the Internet population unable to access any site that moved forward with enforcing TLS1.2-only right now.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

New web attack on SSL/TLS using BEAST

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

F5 iRule for X-Country-Code not working as expected

F5 Kubernetes CNF GSLB functionality ?

OWASP_Managed Issues

What is the recommended TCP Profile settings monitor settings for ISO 8583 traffic in F5 Big IP ?

Need F5 iRules Consultant - HTTP Header Manipulation Issues

Related Content

F5 Server SSL Profile using TLS 1.0 instead of TLS 1.2

TLS Fingerprinting to profile SSL/TLS clients without decryption

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

European airport software attack and zero day ‘s are here

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS