For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Deploying TLS Securely

First, let's just agree that supporting SSLv3 is no longer a good idea, and that all old versions of SSL should be disabled by default.  In fact, if I could add one item to the Top 10 Hardcore Securi...
Published Mar 10, 2014
Version 1.0
application delivery
ASM Advanced WAF
deployment
LTM
security
TMOS
BAMcHenry's avatar
Ret. Employee
Brian McHenry leads product management for Security solutions on the BIG-IP, NGINX, and Distributed Cloud data planes. In this role, he sets strategy for the growing $750M annual business for the Advanced WAF, SSL Orchestrator, Access Policy Manager, and NGINX App Protect products. McHenry takes pride in enabling F5’s customers to be successful as well as in improving their security postures to make the Internet a safer place. McHenry works across multiple groups at F5, including the Strategy Office, Office of the CTO, Marketing, Services, Support, and Sales. He is also a published writer and a frequent speaker at infosec conferences and events. He is a co-founder of Security B-Sides NYC, and committed to giving back to the Infosec community.
View Profile
BAMcHenry's avatar
Ret. Employee
Brian McHenry leads product management for Security solutions on the BIG-IP, NGINX, and Distributed Cloud data planes. In this role, he sets strategy for the growing $750M annual business for the Advanced WAF, SSL Orchestrator, Access Policy Manager, and NGINX App Protect products. McHenry takes pride in enabling F5’s customers to be successful as well as in improving their security postures to make the Internet a safer place. McHenry works across multiple groups at F5, including the Strategy Office, Office of the CTO, Marketing, Services, Support, and Sales. He is also a published writer and a frequent speaker at infosec conferences and events. He is a co-founder of Security B-Sides NYC, and committed to giving back to the Infosec community.
View Profile
René_Geile's avatar
René_Geile
Icon for Cirrus rankCirrus
Mar 12, 2014
Hi, small syntax correction, cipher string needs to include a colon ":" before the strength:

 

 

NATIVE:!SSLv3:!TLSv1:!EXPORT:!DH:!MD5:!RC4:RSA+AES:RSA+3DES:ECDHE+AES:ECDHE+3DES:ECDHE+RSA:@STRENGTH