OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness

Question

has anyone been able to isolate and mitigate this issue:  I beleive it has to do with Open SSL and even though every article I read said that the version of software I am running 10.2.2 HF3 is not vulnerable everytime I get scanned I get this as part of the scan - need to be able to mitigate this issue or I will not be PCI compliant.   Anyone knows how to mitigate this issue please help!

fisher1971_2973 · Answer

I have seen this issue as well. I would recommend checking which ciphers your F5 supports. If it only supports high strength ciphers, then this is not an issue. As the downgrade issue will not work. You will only be able to resume the session from high strength cipher to another.&nbsp;
&nbsp;Hope this answers you question.&nbsp;

Forum Discussion

OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness

Recent Discussions

F5 looses the token for the first call

ports are showing open on online scanning tool

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

Related Content

firmware upgrade and downgrade

The best ciphersuite

F5 ciphersuite syntax

Downgrade gone wrong

F5 Software Downgrade from version 14.1.0 to 12.1.2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS