Forum Discussion

Nimbostratus

Oct 23, 2018

SSL passthrough VIP - mitigating birthday attack

Is it possible to apply a SSL client profile to mitigate on the VIP eventhough the VIP is in SSL passthrough mode this per https://support.f5.com/csp/article/K13092 ? Are there other possibiliti...

application delivery

LTM

security

gs_366906
Oct 24, 2018
In passthrough you cannot add any ssl profile i.e.- client or server

gijo_342173

Nimbostratus

Oct 24, 2018

I will be applying the following modify /sys httpd ssl-ciphersuite 'ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:RC4-SHA'

and NOT anything on the SSL client profile as there is no SSL client profile. The risk is this may break any clients that are using TLSv1 for other virtuals.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

SSL passthrough VIP - mitigating birthday attack

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Happy 20th Birthday, BIG-IP TMOS!

CitrixBleed Mitigation CVE-2023-4966

F5 Distributed Cloud L3-L7 DDoS Mitigation

Mitigating OWASP API Security risks using BIG-IP

JA4 Part 2: Detecting and Mitigating Based on Dynamic JA4 Reputation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS