CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

At F5 Networks we have seen a good deal of confusion over these two CVEs ever since they appeared late last year. As this is ongoing, we felt it needs to be addressed. The confusion is totally unders...
Published Feb 17, 2015
Version 1.0
BIG-IP
f5 sirt
security
TMOS
sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
Jul 06, 2015
Hi Megazone, good stuff. Please make me understand the solution in SOL15882. We want fix this as upgrading might take us few months. Using the cipher !SSLv3:AES-GCM:RC4-SHA explicitily will disable/un-match the SSLv3:AES-GCM:RC4-SHA cipher because of the "!" regex. Don`t we need to disable/un-match all CBC related ciphers here? Moreover we are on 11.5.1 HF3, so sslv3 is already disabled.