
Aiyappa_136133
Jan 06, 2014

Vulnerability F5

My security auditor has found these security vulnerabilities with my F5. Kindly advise on how to mitigate all of these below. Thanks. Please respond ASAP.

1. SSL Certificate Cannot Be Trusted
2. SSL Self-Signed Certificate
3. SSL Weak Cipher Suites Supported
4. SSL Medium Strength Cipher Suites Supported
5. SSL RC4 Cipher Suites Supported
6. SSL Certificate Chain Contains RSA Keys Less Than 2048 bits

Regards, Aiyappa

9 Replies

  • nathe

    Aiyappa,

    This is a good SOL to get you going, esp. with points 3/4/5:

    SOL13171

    Rgds, N
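As an added example (not from this thread and not F5's code), the following POSIX shell script desk-checks a candidate cipher string against the local OpenSSL and flags the suite classes behind findings 3, 4 and 5 before the string is pasted into a client-ssl profile. BIG-IP's cipher-string syntax is OpenSSL-like but not identical, so this is a pre-check only; the SOL above covers how to read the list the BIG-IP itself resolves. The function names and the candidate string are mine, not anything the SOL prescribes.

```shell
#!/bin/sh
# Desk-check a candidate cipher string with the local OpenSSL before it goes
# into a BIG-IP client-ssl profile. The classes mirror the auditor's findings:
# export and 40-bit suites (weak), single DES and 3DES (medium), RC4, and
# anything with no encryption or no authentication. BIG-IP parses a similar
# but not identical syntax, so confirm the resolved list on the box as well.

# Prints one line per flagged suite. Exit 0 = clean, 1 = flagged suites
# present, 2 = the string is not a valid cipher list at all.
screen_ciphers() {
    list=$(openssl ciphers -v "$1" 2>/dev/null) || {
        echo "invalid cipher string: $1" >&2
        return 2
    }
    bad=$(printf '%s\n' "$list" | awk '
        / export$|Enc=[A-Z0-9]*\(40\)/   { print "WEAK:   " $1; next }
        /Enc=RC4/                        { print "RC4:    " $1; next }
        /Enc=DES\(56\)|Enc=3DES/         { print "MEDIUM: " $1; next }
        /Enc=None|Au=None/               { print "NULL:   " $1; next }
    ')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Number of suites the string resolves to; a string that is "clean" only
# because it matches nothing would break every client.
count_ciphers() {
    openssl ciphers "$1" 2>/dev/null | tr ':' '\n' | grep -c .
}

# Hypothetical candidate: DEFAULT with the flagged classes excluded.
# Tune it to what your clients actually negotiate before applying it.
CANDIDATE='DEFAULT:!RC4:!MEDIUM:!LOW:!EXP:!aNULL:!eNULL'
echo "$CANDIDATE resolves to $(count_ciphers "$CANDIDATE") suites"
screen_ciphers "$CANDIDATE" && echo "no flagged suites"
echo "ALL, for comparison:"
screen_ciphers 'ALL' || echo "this OpenSSL build still offers flagged suites under ALL"
```

On a modern OpenSSL the ALL comparison may come back clean simply because the build no longer ships RC4 or export suites, which is exactly why the list must also be checked on the BIG-IP rather than only on a workstation.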

  • Hi Nathan,

    Thanks, this was quite useful. But what about points 1 and 2?

    Regards, Aiyappa

    • nathe
      If it's in relation to a cert applied to a VS, then you'll have to look to replace it with a cert from an internal PKI or external CA.
    • nathe
      Good to hear, thanks for letting me know. If you're happy to do so, marking the question as answered helps others looking for the same info in the future.
    • Aiyappa_136133
      Hi Nathan, can you give me the procedure on how to replace the certificate?
    • boneyard
      It is based on version 10, but except for the location (moved to system > file > ssl certificates around version 11.3) it explains a lot: http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm_configuration_guide_10_1/ltm_ssl_certif_config.html
  • JG

    I think the security concerns of Aiyappa's are shared by many other people, including myself. I'd like to know if F5 has a timely plan of upgrading the default settings in accordance with new security findings, for many people do rely on the default settings to be secure. I myself would rather not customise the cipher settings of all my SSL profiles. As for RC4, is there any potential adverse effect if it is disabled, since this has not been disabled in the default settings by F5 for almost a year since the RC4 issue was identified?