CVE-2014-8730 Padding issue

Incorrect TLS padding could be accepted when terminating TLS 1.x CBC cipher connections. F5 has fetched CVE-2014-8730 for this issue.


This issue does not affect the management interface, only the traffic interfaces and does affect all released versions of BIG-IP except the latest version, 11.6.0.


Customers should upgrade to hotfixed releases. See the F5 solution article for this issue for more information.


If you cannot upgrade, then we advise using TLSv1.2 with AES-GCM ciphers (requires BIG-IP v11.5.0 or later and recent clients).


If you cannot upgrade and cannot use AES-GCM ciphers, then we recommend using RC4 ciphers until you can upgrade.

See this solution for more information on setting TLS cipher strings.

Published Dec 08, 2014
Version 1.0
  • Jeff_Costlow_10's avatar
    Jeff_Costlow_10
    Historic F5 Account
    arai.a: Correct, This issue does not affect the management GUI. goutham: Your proposed cipher string of "RC4-SHA" would avoid this issue as well as SSLv3 POODLE. However, RC4 has known weaknesses and should not be a long term solution. I would suggest patching when possible. Josh: Disabling ADH ciphers is probably not a problem for anyone; ADH is rarely used. I agree with your conclusion that AES-GCM may be restrictive until more browsers have been updated.
  • LyonsG - It's because you are still allowing the CBC Ciphers with that string. Depending on your version of OS (mine 10.2.4) you are still allowing the CBC ciphers: tmm --clientciphers 'RC4-SHA:HIGH:MEDIUM:!SSLv2:!SSLv3:!ADH' ID SUITE BITS PROT METHOD CIPHER MAC KEYX 0: 5 RC4-SHA 128 TLS1 Native RC4 SHA RSA 1: 5 RC4-SHA 128 TLS1.2 Native RC4 SHA RSA 2: 53 AES256-SHA 256 TLS1 Native AES SHA RSA 3: 53 AES256-SHA 256 TLS1.2 Native AES SHA RSA 4: 53 AES256-SHA 256 DTLS1 Native AES SHA RSA 5: 10 DES-CBC3-SHA 192 TLS1 Native DES SHA RSA 6: 10 DES-CBC3-SHA 192 TLS1.2 Native DES SHA RSA 7: 10 DES-CBC3-SHA 192 DTLS1 Native DES SHA RSA 8: 61 AES256-SHA256 256 TLS1.2 Native AES SHA256 RSA 9: 4 RC4-MD5 128 TLS1 Native RC4 MD5 RSA 10: 4 RC4-MD5 128 TLS1.2 Native RC4 MD5 RSA 11: 47 AES128-SHA 128 TLS1 Native AES SHA RSA 12: 47 AES128-SHA 128 TLS1.2 Native AES SHA RSA 13: 47 AES128-SHA 128 DTLS1 Native AES SHA RSA 14: 60 AES128-SHA256 128 TLS1.2 Native AES SHA256 RSA
  • Is RC4-SHA support all of browser ? We can't upgrade now but not sure if change cipher to RC4-SHA will work without fail. (Not concern about RC4 weakness)
  • From ssllab result, It's seem RC4-SHA not support with IE6/xp. And Did some browser like firefox or chrome with older version support RC4-SHA?
  • Hi, why is there still no patch for the v11.3 whereas they are available for v11.2.1 and v11.4.0 ? What's wrong with this version ? :) https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html Thanks
  • upgraded the systems to the HF6 as recommended. Now TMM keeps restarting on the standby system. Others experiencing similar? Support isn't providing too much information but I'm understanding that others may have a similar problem with HF6.
  • Dont use 11.4.1 HF6 or 11.5.1 HF6 if you use APM. There is a critical bug in HF6 involving APM. If you use HF6 and APM contact support they should be able to give you an engineering hotfix. Or wait for an update should be soon within a week.
  • Michael_Voight_'s avatar
    Michael_Voight_
    Historic F5 Account
    11.3.0 is End Of Software Development This means there will be no standard hotfix (Reference Solution 5903 at ask5.com) for more info. There are engineering hotfixes that are built that have the fix.
  • If we can't apply a patch which f5 provided, is invalidating CBC mode effective against this vulnerability?