CVE-2014-8730 Padding issue

Incorrect TLS padding could be accepted when terminating TLS 1.x CBC cipher connections. F5 has fetched CVE-2014-8730 for this issue.


This issue does not affect the management interface, only the traffic interfaces and does affect all released versions of BIG-IP except the latest version, 11.6.0.


Customers should upgrade to hotfixed releases. See the F5 solution article for this issue for more information.


If you cannot upgrade, then we advise using TLSv1.2 with AES-GCM ciphers (requires BIG-IP v11.5.0 or later and recent clients).


If you cannot upgrade and cannot use AES-GCM ciphers, then we recommend using RC4 ciphers until you can upgrade.

See this solution for more information on setting TLS cipher strings.

Published Dec 08, 2014
Version 1.0
security

Was this article helpful?

20 Comments

Sort By
Show More
  • Jeff_Costlow_10's avatar
    Jeff_Costlow_10
    Historic F5 Account
    Dec 11, 2014
    arai.a: Correct, This issue does not affect the management GUI. goutham: Your proposed cipher string of "RC4-SHA" would avoid this issue as well as SSLv3 POODLE. However, RC4 has known weaknesses and should not be a long term solution. I would suggest patching when possible. Josh: Disabling ADH ciphers is probably not a problem for anyone; ADH is rarely used. I agree with your conclusion that AES-GCM may be restrictive until more browsers have been updated.
  • jba3126's avatar
    jba3126
    Icon for Cirrus rankCirrus
    Dec 12, 2014
    LyonsG - It's because you are still allowing the CBC Ciphers with that string. Depending on your version of OS (mine 10.2.4) you are still allowing the CBC ciphers: tmm --clientciphers 'RC4-SHA:HIGH:MEDIUM:!SSLv2:!SSLv3:!ADH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 1: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA 2: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 5: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 6: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 7: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 8: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 9: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA 10: 4 RC4-MD5 128 TLS1.2 Native RC4 MD5 RSA 11: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 12: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 13: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 14: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
  • kridsana's avatar
    kridsana
    Icon for Cirrocumulus rankCirrocumulus
    Dec 12, 2014
    Is RC4-SHA support all of browser ? We can't upgrade now but not sure if change cipher to RC4-SHA will work without fail. (Not concern about RC4 weakness)
  • kridsana's avatar
    kridsana
    Icon for Cirrocumulus rankCirrocumulus
    Dec 12, 2014
    From ssllab result, It's seem RC4-SHA not support with IE6/xp. And Did some browser like firefox or chrome with older version support RC4-SHA?
  • Cyril_M's avatar
    Cyril_M
    Icon for Altostratus rankAltostratus
    Dec 12, 2014
    Hi, why is there still no patch for the v11.3 whereas they are available for v11.2.1 and v11.4.0 ? What's wrong with this version ? :) https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html Thanks
  • brad_11480's avatar
    brad_11480
    Icon for Nimbostratus rankNimbostratus
    Dec 12, 2014
    upgraded the systems to the HF6 as recommended. Now TMM keeps restarting on the standby system. Others experiencing similar? Support isn't providing too much information but I'm understanding that others may have a similar problem with HF6.
  • RobertS1's avatar
    RobertS1
    Icon for Nimbostratus rankNimbostratus
    Dec 17, 2014
    Dont use 11.4.1 HF6 or 11.5.1 HF6 if you use APM. There is a critical bug in HF6 involving APM. If you use HF6 and APM contact support they should be able to give you an engineering hotfix. Or wait for an update should be soon within a week.
  • Michael_Voight_'s avatar
    Michael_Voight_
    Historic F5 Account
    Dec 18, 2014
    11.3.0 is End Of Software Development This means there will be no standard hotfix (Reference Solution 5903 at ask5.com) for more info. There are engineering hotfixes that are built that have the fix.
  • MWat0815_185830's avatar
    MWat0815_185830
    Icon for Nimbostratus rankNimbostratus
    Feb 05, 2015
    If we can't apply a patch which f5 provided, is invalidating CBC mode effective against this vulnerability?