F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

At F5 Networks we have seen a good deal of confusion over these two CVEs ever since they appeared late last year. As this is ongoing, we felt it needs to be addressed. The confusion is totally unders...

Published Feb 17, 2015

Version 1.0

SIRT

Joined March 03, 2010

View Profile

BoyanBonev_2135

Nimbostratus

Jul 31, 2015

Hi, From what I understand from the article, the only allowed cipher suites which are not affected by the POODLE attack are RC4 ciphers. If this is the case then there might be an issue with this since Oracle has disabled the RC4 suites in their latest versions of the JVM (7u85 and 8u51). The motivation for this is because the RC4 suites are weak. I want to ask what is the recommendation for the case where java clients try to access the F5 through TLS and the only allowed ciphers are RC4 (because this is what's your recommended F5 config)?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS