Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

Everything old is new again. Security researcher Hanno Böck and friends built a neat little Python adaptive chosen-ciphertext attack proof-of-concept (POC) tool and ran it against many popular we...
Updated 2 years ago
Version 2.0
big-ip
security
MLB's avatar
MLB
Icon for Nimbostratus rankNimbostratus
5 years ago

I was wondering if the iRule for handshake rate=limit still existed anywhere? We have an older version of F5 Big IP and due to having customers that use stand-alone terminals that continue to use RSA (and which the terminal manufacturer will not address) we need to mitigate the risk for the TLS ROBOT attack in all ways possible and the iRule limiting the handshake rate seemed ideal but I cannot find that iRule anywhere. Has another iRule which contains that functionality replaced it? Is there other means to mitigate that make the iRule unnecessary. Forgive my ignorance, as I am not the network resource most familiar and responsible for our F5, I'm just trying to research ways to mitigate. Thanks in advance for any guidance anyone can provide.