soymanue
Aug 20, 2013Nimbostratus
BEAST ATTACK
Has the Beast Attack vulnerabilty been solved with 11.4 version? http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13400
Has the Beast Attack vulnerabilty been solved with 11.4 version? http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13400
Has the Beast Attack vulnerabilty been solved with 11.4 version?
as i understand, no. to mitigate, we have to use tls1.2 or, if tls1.2 is not available, stream cipher instead of block based cipher such as rc4-sha.
Have you seen this:
Enforcing TLSv1.2 is one option, but ultimately to protect against the underlying CSRF and not alienate a bunch of customers that can't support TLSv1.2, you need a web application firewall like ASM.
I think Ivan Ristic has some pretty solid advice: http://blog.ivanristic.com/2013/03/rc4-in-tls-is-broken-now-what.html