
Host is Vulnerable to Extended Master Secret TLS Extension (TLS triple handshake)

Doran_Lum
Nimbostratus

We have a few F5 VIPs on our LTM that have the TLS triple handshake vulnerability as detected by the scan.

I was reading the article below and it seems it's enabled by default. Why are only some VIPs detected, while the other F5 VIPs don't seem to be affected?

And is the option to disable it only available through PuTTY?

https://support.f5.com/csp/article/K66202244

1 REPLY

boneyard
MVP

which TMOS version are you using?

just to make sure, are you seeing a difference between SSL enabled VIPs? not between a non-SSL and an SSL enabled VIP?

as for your last question, yes the setting can only be changed from the CLI, but in general you don't want to change the setting, as it is a way to prevent the TLS triple handshake.

assuming this comes from Qualys, this thread is interesting to read:

https://qualys-secure.force.com/discussions/s/question/0D52L00004TnvDPSAZ/regarding-rfc-7627-on-transport-layer-security-tls-session-hash-and-extended-master-secret-extension-will-become-a-mandatory-tls-extension