CVE-2014-8730 Padding issue
Incorrect TLS padding could be accepted when terminating TLS 1.x CBC cipher connections. F5 has fetched CVE-2014-8730 for this issue.
This issue does not affect the management interface, only th...
Published Dec 08, 2014
Version 1.0Jeff_Costlow_10
Historic F5 Account
Joined January 26, 2005
Jeff_Costlow_10
Historic F5 Account
Joined January 26, 2005
jba3126
Dec 12, 2014Cirrostratus
LyonsG - It's because you are still allowing the CBC Ciphers with that string. Depending on your version of OS (mine 10.2.4) you are still allowing the CBC ciphers:
tmm --clientciphers 'RC4-SHA:HIGH:MEDIUM:!SSLv2:!SSLv3:!ADH'
ID SUITE BITS PROT METHOD CIPHER MAC KEYX
0: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA
1: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA
2: 53 AES256-SHA 256 TLS1 Native AES SHA RSA
3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA
4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA
5: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA
6: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA
7: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA
8: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA
9: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA
10: 4 RC4-MD5 128 TLS1.2 Native RC4 MD5 RSA
11: 47 AES128-SHA 128 TLS1 Native AES SHA RSA
12: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA
13: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA
14: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA