CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE
At F5 Networks we have seen a good deal of confusion over these two CVEs ever since they appeared late last year. As this is ongoing, we felt it needs to be addressed. The confusion is totally unders...
Published Feb 17, 2015
Version 1.0
MegaZone
SIRT
Joined March 03, 2010
MegaZone
Jul 31, 2015
SIRT
BoyanBonev - The recommendation is to upgrade your BIG-IP and then the whole thing is moot because the CVE was patched a long time ago. As it says in the article: "With CVE-2014-8730/TLS POODLE there is a code fix, and all of our latest releases have it, starting with 10.2.4 HF10, 11.2.1 HF13, 11.4.0 HF9, 11.4.1 HF6, 11.5.0 HF6, 11.5.1 HF6, and 11.6.0. Upgrading for the fix is the recommended solution, and F5 Networks always recommends upgrading to the latest Hotfix Rollup for a given branch." If you upgrade then you don't have to worry about which ciphers to use - the issue is fixed. If you don't upgrade, then you're stuck. You either have to use RC4 or accept the CVE vulnerability, period. And if the client won't support RC4 then either those clients are locked out - or you have to accept the CVE vulnerability. So, again, upgrade.