Forum Discussion

Nimbostratus

Dec 20, 2014

TLS1.x Padding Vulnerability Workaround and EAS

Hello, I'd like to employ the workaround described in SOL15882 where I'll have to create a custom cipher string using RC4-SHA ciphers. The SOL states "clients that do not support the RC4-SHA cipher ...

Cirrus

Dec 22, 2014

RC4 has been around quite a while and I don't think any devices have deprecated it yet. If a device doesn't support it it would more likely be because it was disabled by the user or a policy. Its usually a pretty safe bet that the user will not have disabled RC4. I would however recommend patching sooner rather than later as RC4 is considered to be weak at this point and will soon be considered insecure.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

TLS1.x Padding Vulnerability Workaround and EAS

Recent Discussions

Flip-flop load balancing

ASM Export JSON - size Limit ?

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

Related Content

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

CVE-2014-8730 Padding issue

Phishing, Malware and Spyware Campaign, BRUTED Tool & CISA’s List Of Exploited Vulnerabilities

Windows Critical RCE Vulnerability, Malicious Solana-py, and EDRKillShifter

Coordinated Vulnerability Disclosure: A Balanced Approach

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS