Forum Discussion
TLS Poodle and RC4 vulnerability : default:!SSLv3:!RC4-SHA
We are running F5 LTM version 11.4.1 hostfix 4 Recently we disabled the RC4 weak CIPHER to remove the Minimal warning from our scan.
But due to the recent arrival of Poodle TLS vulnarability we had to introduce !SSLv3:RC4-SHA which brought back the Minimal warning for having RC4 in the acceptable CIPHER.
How can we over come this? Removing Poodle TLS padding vulnerability returns RC4 warning
- Pascal_Tene_910Historic F5 Account
@cisco 01. If you are still experiencing issues on this, I suggest you open a security support case and provide qkview for review.
- Pascal_Tene_910Historic F5 Account
If you want to mitigate TLS POODLE and RC4 weaknesses at the same time, you will have to upgrade to 11.5.0 or later, then create SSL profile similar to:
Note that above profile will only allow clients that can support AES-GCM ciphers. This is quite limited. and might lead to other issues.
- cisco_01_157892NimbostratusI just tested it but it does not work .is what the hostfix8 for 11.4.1 is more stable
- cisco_01_157892NimbostratusI just tested it but it does not work .is what the hostfix8 for 11.4.1 is more stable
- Leonardo_39231Nimbostratus
I believe you have to upgrade to a newer version of code that isn't vulnerable. I'm sure someone will correct me if I'm wrong.
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com