Forum Discussion

soymanue
Aug 20, 2013

BEAST ATTACK

Has the Beast Attack vulnerability been solved with the 11.4 version? http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13400

 

3 Replies

  • Has the Beast Attack vulnerability been solved with the 11.4 version?

     

    As I understand, no. To mitigate, we have to use TLS 1.2 or, if TLS 1.2 is not available, a stream cipher instead of a block-based cipher, such as RC4-SHA.

     

  • Have you seen this:

     

    F5 Threat Mitigation: BEAST

     

    Enforcing TLSv1.2 is one option, but ultimately to protect against the underlying CSRF and not alienate a bunch of customers that can't support TLSv1.2, you need a web application firewall like ASM.

     

  • I think Ivan Ristic has some pretty solid advice: http://blog.ivanristic.com/2013/03/rc4-in-tls-is-broken-now-what.html