Forum Discussion

Nimbostratus

Sep 20, 2011

New web attack on SSL/TLS using BEAST

Hi there, In the link below, the POC mentioned injecting the js thru use of an iframe ad or just loading the BEAST js into browser, thereafter comes the second stage of sniffing and decrypti...

app sec

BIG-IP Access Policy Manager (APM)

security

BAMcHenry

Ret. Employee

Sep 22, 2011

Mitigating the initial attack vector, which is a combination of XSS and CSRF is the best bet. BIG-IP v11 does support TLS1.2. However, I do not think that FireFox, Safari, or Chrome support TLS 1.2 yet. And on Windows, only Vista/7 with IE8+ support TLS 1.2. So, there's a very large portion of the Internet population unable to access any site that moved forward with enforcing TLS1.2-only right now.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

New web attack on SSL/TLS using BEAST

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

SSO login for APM Profiles

Can F5 restrict the file types transferred via FTP?

APM VPN LDAP POOL can't contact ldap server.

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

r-series LAG

Related Content

F5 Server SSL Profile using TLS 1.0 instead of TLS 1.2

TLS Fingerprinting to profile SSL/TLS clients without decryption

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

European airport software attack and zero day ‘s are here

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS