For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jwlarger's avatar
jwlarger
Icon for Cirrus rankCirrus
May 21, 2019

Selecting non-CBC ciphers

Qualys downgraded CBC and so we are dealing with reports that these ciphers are weak. Like:    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) WEAK   So, all our app owners are asking how to a...
application delivery
LTM
Hamish's avatar
Hamish
Icon for Cirrocumulus rankCirrocumulus
May 22, 2019

You make a concious decision.

 

  1. Do you wish to (insecurely) 'support' old insecure clients?
  2. Or do you wish to be secure?

 

Seriously. This is an age old one that goes back to the early days of IE with 56-bit encryption. Then we inserted a redirect for anyone with bad encryption to a page saying update your browser. I'd probably recommend the same today.