SSL/TLS use of weak RC4 cipher

Question

Dear Geeks,&nbsp;
As per Infosec subjected vulnerability found during the scan on one of the VIP hosted on the loadbalancer.&nbsp;
I googled &amp; found the below solution to mitigate the same:&nbsp;
Solution:
RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.&nbsp;
Can somebody guide me what is basically the Impact of this vulnerability &amp; any prerequesite on Loadbalacner &amp; Backed servers. Please help here.&nbsp;

amolari · Answer

RC4 is considered weak for years now.&nbsp;
On the load balancer you can force it disabled in the client ssl profile (and server ssl profile too).
To do so: 
sol13171: Configuring the cipher strength for SSL profiles (11.x)&nbsp;
Note: RC4-SHA is not used anymore in the DEFAULT SSL profiles in 11.6 (and above). More information here: sol13156: SSL ciphers used in the default SSL profiles (11.x)&nbsp;

Forum Discussion

SSL/TLS use of weak RC4 cipher

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

TLS Fingerprinting to profile SSL/TLS clients without decryption

Lightboard Lessons: Choosing Strong vs Weak Ciphers

How to disable weak cipher from Client SSL Profile

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS