Forum Discussion
Manny_Santizo_8
Oct 18, 2011Nimbostratus
OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness
has anyone been able to isolate and mitigate this issue: I beleive it has to do with Open SSL and even though every article I read said that the version of software I am running 10.2.2 HF3 is not vulnerable everytime I get scanned I get this as part of the scan - need to be able to mitigate this issue or I will not be PCI compliant. Anyone knows how to mitigate this issue please help!
- fisher1971_2973NimbostratusI have seen this issue as well. I would recommend checking which ciphers your F5 supports. If it only supports high strength ciphers, then this is not an issue. As the downgrade issue will not work. You will only be able to resume the session from high strength cipher to another.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects