Robot Vulnerability (CVE-2017-6168) Remediation

Question

Hi, &nbsp;
Urgent Please !!&nbsp;
To mitigate the risk with ROBOT attack how to disable RSA key in clientSSl profile through GUI ? &nbsp;
https://support.f5.com/csp/article/K21905460&nbsp;

hamish · Answer

Include !RSA in the client ciphers... Same as the tmsh/command line.... &nbsp;
In v13 you configure that via either a client cipher group, or a cipher string.&nbsp;

ashua_246482 · Answer

I have disabled the RSA Key exchange in default clientssl profile And 90% of our clientssl profiles using that default one. But there are still some profiles which use custom ssl profiles and we dont know which one are they, as no inventory available. In total we have 500+ profiles. Do i have to go into each of them one by one and check or Is there a command i can use to find out which profiles are enabled for custom ciphers?

suzyw720_345395 · Answer

Hello &amp; just wondering,....Did including !RSA in the client ciphers resolve this issue for you?&nbsp;

ashu_2116 · Answer

Yes, It had resolved the issue. You can test the results at&nbsp;
https://robotattack.org&nbsp;

mohammed_jabbar · Answer

TLS ROBOT Vulnerability Detected this issue  belongs to application  or os &nbsp;

Forum Discussion

Robot Vulnerability (CVE-2017-6168) Remediation

Recent Discussions

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

Related Content

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

F5 Partner Solution Showcase - "ImmuniWeb - Application Security Testing and Remediation"

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Remediating Logjam: an iRule Countermeasure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS