TLS POODLE Vulnerability

Question

Hi, We have configured DEFAULT:!SSLv3:!TLSv1 in the cipher settings in for each SSL certificate but when we do a scan we still see that the message in the scan on https://www.ssllabs.com as "This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F". Could someone please advise if there is any more configuration setting that can be done to elimintae this attack other than upgrading the software to latest 11.5.xx? Below is the F5 version details
F5 Version: BIG-IP 11.2.1 Build 807.0 Hotfix HF1 &nbsp;
Thanks in advance for the reply.&nbsp;

hannes_rapp · Answer

Where did you get this cipher config? To me it does not seem correct. Until BigIP 11.4.1, to mitigate TLS/Poodle (TLS Padding vulnerability) you should enforce the use of RC4-SHA cipher. This could cut off some users that don't support the cipher. For your cipher config, use

!SSLv3:RC4-SHA

instead.

vitaliy_savrans · Answer

or you need to install hotfix 13 &nbsp;
SOL15882&nbsp;

Forum Discussion

TLS POODLE Vulnerability

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

Related Content

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

Load Balancing TCP TLS Encrypted Syslog Messages

OpenSSH vulnerability

Decrypting TLS traffic on BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS