F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

gijo_342173's avatar
gijo_342173
Icon for Nimbostratus rankNimbostratus
Oct 23, 2018
Solved

SSL passthrough VIP - mitigating birthday attack

Is it possible to apply a SSL client profile to mitigate on the VIP eventhough the VIP is in SSL passthrough mode this per https://support.f5.com/csp/article/K13092 ?   Are there other possibiliti...
application delivery
LTM
security
  • gs_366906's avatar
    gs_366906
    Oct 24, 2018

    In passthrough you cannot add any ssl profile i.e.- client or server

     

gijo_342173's avatar
gijo_342173
Icon for Nimbostratus rankNimbostratus
Oct 24, 2018

I will be applying the following modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA'

 

and NOT anything on the SSL client profile as there is no SSL client profile. The risk is this may break any clients that are using TLSv1 for other virtuals.