Forum Discussion

Nimbostratus

Mar 02, 2015

The best ciphersuite

Hi We host several virtual servers on our LTM and assign SSL profiles to them with certain ciphersuites, I wish to improve them. My question is, can anyone suggest an appropriate cipher suite to ...

Nimbostratus

Mar 04, 2015

CVE-2014-8730(TLS POODLE) is fixed in v11.6.0, 11.5.2, and as of 11.5.1HF6, 11.5.0HF6, 11.4.1HF6, 11.4.0HF9, 11.2.1HF13, 10.2.4HF10; If you currently running one of these versions you don't have to create a custom profile. (see SOL15882 - In recommended action section first paragraph, before subsection Big-IP SSL profiles)

CVE-2014-3566(SSLv3 POODLE) is mostly fixed(Configuration utility still allows SSLv3 by default) in v11.5.0-11.6.0; any version aside from these are vulnerable, you can mitigate it by adding the "!SSLv3" into your cipher list.

That being saif El-Gaupo makes a valid point, in that the best way to know what will work best for your enviornment is to test the different theories, and tweak them to fit your needs.

Hope this helped,

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

The best ciphersuite

Recent Discussions

iRule for client certificate verification and inserting CN

Earth Simnavaz

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

Related Content

F5 ciphersuite syntax

SSL ciphersuite to allow only TLS

OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness

Re: CVE-2014-3566: Removing SSLv3 from BIG-IP

Re: iRule to stop SSLv3 connections

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS