Cipher Suite Practices and Pitfalls
CBC ciphers aren't inherently vulnerable (unlike RC4); the vulnerabilities are implementation specific. You can have CBC ciphers without being vulnerable.
On BIG-IP all ciphers are CBC except AES-GCM and RC4. So those are the only ciphers you can use if you really don't want any CBC enabled - and RC4 has its own issues, so AES-GCM is really the only option. As AES-GCM was only added in TLSv1.2, this also means you can't support earlier protocols without CBC.
Note that 'ECDSA' ciphers only work if you have a digital certificate signed with ECDSA - and that's not typical. Even if the ciphers would be enabled by the config string, they will NOT be enabled on the VIP if the cert doesn't support them.
So you're basically looking at ECDHE-RSA-AES256-GCM-SHA384 and ECDHE-RSA-AES128-GCM-SHA256 as your only two ciphers that satisfy PFS and not CBC.
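The selection rule described above (PFS, no CBC, no RC4, and a suite that matches the certificate's key type) can be checked mechanically against a candidate list. The following is an added example, not code from the original post or from F5: the candidate list is constructed, and the parser assumes OpenSSL-style suite names and the post's rule that anything that is not AES-GCM or RC4 is CBC.

```python
from typing import NamedTuple

class Suite(NamedTuple):
    name: str
    kx: str    # key exchange: ECDHE, DHE or static RSA
    auth: str  # certificate key type the suite requires
    mode: str  # "GCM", "RC4" or "CBC"

def parse(name: str) -> Suite:
    """Split an OpenSSL-style suite name into the properties the post discusses."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        kx, auth, rest = parts[0], parts[1], parts[2:]
    else:
        # No key-exchange prefix means static RSA key transport (no PFS).
        kx, auth, rest = "RSA", "RSA", parts
    if "GCM" in rest:
        mode = "GCM"
    elif rest[0] == "RC4":
        mode = "RC4"
    else:
        mode = "CBC"  # assumption taken from the post: everything else is CBC
    return Suite(name, kx, auth, mode)

def audit(names, cert_key="RSA"):
    """Map each suite name to the reasons it is rejected (empty list = keep)."""
    report = {}
    for s in map(parse, names):
        reasons = []
        if s.kx not in ("ECDHE", "DHE"):
            reasons.append("no PFS")
        if s.mode != "GCM":
            reasons.append(s.mode)
        if s.auth != cert_key:
            reasons.append(f"needs {s.auth} certificate")
        report[s.name] = reasons
    return report

def usable(names, cert_key="RSA"):
    return [n for n, why in audit(names, cert_key).items() if not why]

# Constructed candidate list for illustration, not a BIG-IP default.
CANDIDATES = [
    "ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384",
    "DHE-RSA-AES256-SHA", "AES256-GCM-SHA384", "RC4-SHA", "DES-CBC3-SHA",
]

if __name__ == "__main__":
    for name, why in audit(CANDIDATES).items():
        print(f"{name:32} {'KEEP' if not why else 'drop: ' + ', '.join(why)}")
```

With an RSA certificate only the two ECDHE-RSA GCM suites are kept; passing `cert_key="ECDSA"` shows why the ECDSA suite is usable only with an ECDSA-signed certificate.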