Forum Discussion

Altostratus

May 22, 2015

SSL/TLS use of weak RC4 cipher

Dear Geeks, As per Infosec subjected vulnerability found during the scan on one of the VIP hosted on the loadbalancer. I googled & found the below solution to mitigate the same: Soluti...

Cirrostratus

May 22, 2015

RC4 is considered weak for years now.

On the load balancer you can force it disabled in the client ssl profile (and server ssl profile too). To do so: sol13171: Configuring the cipher strength for SSL profiles (11.x)

Note: RC4-SHA is not used anymore in the DEFAULT SSL profiles in 11.6 (and above). More information here: sol13156: SSL ciphers used in the default SSL profiles (11.x)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)