TLS1.x Padding Vulnerability Workaround and EAS

Question

Hello,
I'd like to employ the workaround described in SOL15882 where I'll have to create a custom cipher string using RC4-SHA ciphers.  The SOL states "clients that do not support the RC4-SHA cipher will fail to establish a connection to the virtual server".  Our virtual server is where our Exchange Active Sync (EAS) clients connect to.  I would like to know which EAS clients, if any, would be impacted by this change.  Any advice would be greatly appreciated!&nbsp;

brad_parker · Answer

RC4 has been around quite a while and I don't think any devices have deprecated it yet. If a device doesn't support it it would more likely be because it was disabled by the user or a policy. Its usually a pretty safe bet that the user will not have disabled RC4. I would however recommend patching sooner rather than later as RC4 is considered to be weak at this point and will soon be considered insecure.

boneyard · Answer

i agree with Brad, i would expect RC4 to be pretty broadly supported. but do remember that using RC4 is not advised by a large group and i suspect the support is going to go away pretty soon. &nbsp;
so plan that upgrade sooner then later.&nbsp;

noel_c__180670 · Answer

Thanks guys.  I plan on upgrading to the latest and greatest within the next several weeks!&nbsp;

Forum Discussion

TLS1.x Padding Vulnerability Workaround and EAS

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

CVE-2014-8730 Padding issue

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Enhancing Software Security with Rust: A Solution to Common Vulnerabilities

Cyberattacks On Embassies, Threat Actor Using ChatGPT To Write Malware, and MMS Vulnerabilities

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS