For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Noel_C__180670's avatar
Noel_C__180670
Icon for Nimbostratus rankNimbostratus
Dec 20, 2014

TLS1.x Padding Vulnerability Workaround and EAS

Hello, I'd like to employ the workaround described in SOL15882 where I'll have to create a custom cipher string using RC4-SHA ciphers. The SOL states "clients that do not support the RC4-SHA cipher ...
application delivery
LTM
management
security
TMSH
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Dec 22, 2014

RC4 has been around quite a while and I don't think any devices have deprecated it yet. If a device doesn't support it it would more likely be because it was disabled by the user or a policy. Its usually a pretty safe bet that the user will not have disabled RC4. I would however recommend patching sooner rather than later as RC4 is considered to be weak at this point and will soon be considered insecure.