Forum Discussion

Nimbostratus

May 04, 2015

TLS Poodle and RC4 vulnerability : default:!SSLv3:!RC4-SHA

We are running F5 LTM version 11.4.1 hostfix 4 Recently we disabled the RC4 weak CIPHER to remove the Minimal warning from our scan. But due to the recent arrival of Poodle TLS vulnarability we ...

application delivery

BIG-IP Access Policy Manager (APM)

Historic F5 Account

If you want to mitigate TLS POODLE and RC4 weaknesses at the same time, you will have to upgrade to 11.5.0 or later, then create SSL profile similar to:

tmsh create /ltm profile client-ssl TLS-Padding ciphers !SSLv3:AES-GCM

Note that above profile will only allow clients that can support AES-GCM ciphers. This is quite limited. and might lead to other issues.

cisco_01_157892

Nimbostratus

May 05, 2015

I just tested it but it does not work .is what the hostfix8 for 11.4.1 is more stable

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

TLS Poodle and RC4 vulnerability : default:!SSLv3:!RC4-SHA

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

SSLv3 POODLE mitigation recommendations

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS