CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

At F5 Networks we have seen a good deal of confusion over these two CVEs ever since they appeared late last year. As this is ongoing, we felt it needs to be addressed. The confusion is totally unders...
Published Feb 17, 2015
Version 1.0
BIG-IP
f5 sirt
security
TMOS
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Oct 26, 2017

I suspect the issue is that Chrome has deprecated SHA1 cipher suites, but without knowing the error message you're getting it is hard to say.

 

If that is the case you're kind of stuck between a rock and a hard place. You either need to upgrade to a newer TMOS version which fixes this issue, removing the requirement for this config string, or you need to enable other ciphers and accept that you will be vulnerable to TLS Poodle.

 

Note RC4 is also deprecated these days and is widely disabled. Running 11.3 you don't really have a good option - you'll have to accept something undesirable. So the best solution is to upgrade - which I'd encourage anyway, as there are a lot of CVEs that have been patched in newer releases that exist in 11.3.0.