Forum Discussion
cisco_01_157892
May 04, 2015Nimbostratus
TLS Poodle and RC4 vulnerability : default:!SSLv3:!RC4-SHA
We are running F5 LTM version 11.4.1 hostfix 4 Recently we disabled the RC4 weak CIPHER to remove the Minimal warning from our scan.
But due to the recent arrival of Poodle TLS vulnarability we ...
Pascal_Tene_910
May 05, 2015Historic F5 Account
If you want to mitigate TLS POODLE and RC4 weaknesses at the same time, you will have to upgrade to 11.5.0 or later, then create SSL profile similar to:
tmsh create /ltm profile client-ssl TLS-Padding ciphers !SSLv3:AES-GCM
Note that above profile will only allow clients that can support AES-GCM ciphers. This is quite limited. and might lead to other issues.
- cisco_01_157892May 05, 2015NimbostratusI just tested it but it does not work .is what the hostfix8 for 11.4.1 is more stable
- cisco_01_157892May 05, 2015NimbostratusI just tested it but it does not work .is what the hostfix8 for 11.4.1 is more stable
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects