Forum Discussion
The best ciphersuite
Hi
We host several virtual servers on our LTM and assign SSL profiles to them with certain ciphersuites, I wish to improve them.
My question is, can anyone suggest an appropriate cipher suite to use which remediates the below vulnerabilities and gives us a good grade on quallys:
BEAST Attack
POODLE (sslv3)
POODLE (TLS)
Avoiding RC4
Thanks.
- amolariCirrostratus
- Brad_ParkerCirrus
You should update to the latest hotfix to patch POODLE (TLS) ASAP. As for BEAST/RC4, they both can;t be mitigated server side unless you remove TLSv1.0 support, which generally isn't possible yet for most people as its still widely used. I would recommend something like 'DEFAULT:!SSLv3:!RC4' and run the latest hotfix. The need for !SSLv3 will be dependent on the version you are running. Since BEAST is considered to be mostly mitigated client side it is the lesser evil vs RC4. RC4 is considered to be "weak" and should be disabled when possible. What version of BigIP are you running?
- Brad_ParkerCirrusSo with 11.4.1 you should upgrade to at least HF6 and 'DEFAULT:!SSLv3:!RC4' will mitigate everything except for TLSv1.0 BEAST, but ssllabs won't ding you for it as it is mitigate client side in all up-to-date browsers.
- Brad_Parker_139Nacreous
You should update to the latest hotfix to patch POODLE (TLS) ASAP. As for BEAST/RC4, they both can;t be mitigated server side unless you remove TLSv1.0 support, which generally isn't possible yet for most people as its still widely used. I would recommend something like 'DEFAULT:!SSLv3:!RC4' and run the latest hotfix. The need for !SSLv3 will be dependent on the version you are running. Since BEAST is considered to be mostly mitigated client side it is the lesser evil vs RC4. RC4 is considered to be "weak" and should be disabled when possible. What version of BigIP are you running?
- Brad_Parker_139NacreousSo with 11.4.1 you should upgrade to at least HF6 and 'DEFAULT:!SSLv3:!RC4' will mitigate everything except for TLSv1.0 BEAST, but ssllabs won't ding you for it as it is mitigate client side in all up-to-date browsers.
- Mike_Morse_1839Nimbostratus
we are runnning 11.4.1
- El-Guapo_29797Nimbostratus
In 11.4.x code (https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
- Brad_ParkerCirrusThat is false, the vulnerability to Poodle TLS has been patched in all versions back to 10.2.4. AES-GCM is not required to mitigate this vulnerability. https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
- El-Guapo_29797NimbostratusI would think not. I see that you have contributed a lot which is honorable but in this case I would go with F5's most recent article on this issue. Which is if you are below version 11.5.x, you should not disable RC4-SHA, which is exactly what (!RC4) is doing. Note.. that if you do disable RC4-SHA, it means, you just disabled TLS 1.x.. all other CBC Mode ciphers are vulnerable (which is all other ciphers besides RC4 on codes 11.4.x and below). Look at what they say below... We have tested this extensively and below is correct. "In 11.4.1 and earlier use the cipher string !SSLv3:RC4-SHA This is where we often see a second level of confusion. Many have tried cipher strings such as "DEFAULT:!SSLv3:RC4-SHA" or "NATIVE:!SSLv3:RC4-SHA". These will not work; follow the SOL explicitly. Note that if you upgrade to a fixed version then you don't need to worry about the cipher string. (Other than ensuring SSLv3 is disabled for CVE-2014-3566, of course.) The issue with the TLS Padding Vulnerability is with CBC mode ciphers. All of the ciphers supported by F5, aside from RC4 (and AES-GCM in 11.5.0+), are CBC mode. Note that not all CBC mode ciphers have 'CBC' in the name. This has caused confusion in many cases due to the belief that CBC is disabled because the string 'CBC' is not shown when listing the enabled ciphers. Yet scan tools still flag the system as vulnerable. If it isn't RC4 or AES-GCM, it is CBC mode and vulnerable on an unpatched system."
- Brad_ParkerCirrusCBC ciphers are perfectly safe to use when running 11.6.0, 11.5.2, 11.5.1 HF6, 11.5.0 HF6, 11.4.1 HF6, 11.4.0 HF9, 11.2.1 HF13, or 10.2.4 HF10 and all hotfixes to come. The vulnerability has been patched. What article are your referring to? Please, read the SOL, https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html.
- Kharsma_176894Nimbostratus
We are running 11.4.1HF7 in our enviornment and this is the string I used: ECDHE:DHE:HIGH:AES:MEDIUM:!LOW:!RC4:!SSLv3:-3DES:@STRENGTH:TLSv1+DES-CBC3-SHA
I have tested this site agains ssllabs and get an "A", hope this helps.
KH
- Kharsma_176894NimbostratusThat should be against not agains, sorry.
- El-Guapo_29797Nimbostratus
Mike: if you are wondering who is correct. Do this.. Go to Profiles/SSL/Client clientssl.. change configuration to advance and on Ciphers.. add Brad's setting of DEFAULT:!SSLv3:!RC4 and after you apply, go to https://www.ssllabs.com/ssltest/ and enter a website of yours and see the grade.. then scroll down to ciphers & see comments. Next, either implement F5 patch or add !SSLv3:RC4-SHA (with ! removed from RC4-SHA), apply and test via Qualys and decide for yourself.
- El-Guapo_29797Nimbostratus
I just read SOL 15882 which is what I used to fix my issue on interim. Go to the section of your article.. "Recommendation Action".. then go to BIG-IP 10.x - 11.4.1.. It clearly says to run below which disables !SSLv3, but enable RC4-SHA. There is a reason for that.
create /ltm profile client-ssl TLS-Padding ciphers !SSLv3:RC4-SHA
We have many F5's & finally got our hands on this article as to why TLS patching broke some of our websites: https://devcentral.f5.com/articles/cve-2014-3566-poodle-vs-cve-2014-8730-tls-poodle
- Brad_ParkerCirrusFrom this article, "With CVE-2014-8730/TLS POODLE there is a code fix, and all of our latest releases have it, starting with 10.2.4 HF10, 11.2.1 HF13, 11.4.0 HF9, 11.4.1 HF6, 11.5.0 HF6, 11.5.1 HF6, and 11.6.0. Upgrading for the fix is the recommended solution, and F5 Networks always recommends upgrading to the latest Hotfix Rollup for a given branch. For those who are unable upgrade at this time, there is a configuration workaround as detailed in SOL15882: In 11.5.0+ use the cipher string !SSLv3:AES-GCM:RC4-SHA In 11.4.1 and earlier use the cipher string !SSLv3:RC4-SHA"
- Kharsma_176894Nimbostratus
CVE-2014-8730(TLS POODLE) is fixed in v11.6.0, 11.5.2, and as of 11.5.1HF6, 11.5.0HF6, 11.4.1HF6, 11.4.0HF9, 11.2.1HF13, 10.2.4HF10; If you currently running one of these versions you don't have to create a custom profile. (see SOL15882 - In recommended action section first paragraph, before subsection Big-IP SSL profiles)
CVE-2014-3566(SSLv3 POODLE) is mostly fixed(Configuration utility still allows SSLv3 by default) in v11.5.0-11.6.0; any version aside from these are vulnerable, you can mitigate it by adding the "!SSLv3" into your cipher list.
That being saif El-Gaupo makes a valid point, in that the best way to know what will work best for your enviornment is to test the different theories, and tweak them to fit your needs.
Hope this helped,
KH
- El-Guapo_29797Nimbostratus
Thanks Brad.. that is inline with what we have tested as well. The upgrades that you mentioned are inline with last two lines. Thank you.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com