Forum Discussion

Moinul_Rony's avatar
Moinul_Rony
Icon for Altostratus rankAltostratus
Sep 04, 2014

How to disable CIPHER for and Disable TCP time stamp on F5 ?

Hi, We have just being chased by PCI Compliance about having vulnerabily that detected WEAK CIPHER support and TCP Timestamp being turned ON. --Report say our application: Negotiated with the fol...
application delivery
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee

i normally see people using cipher string from this sol if there is no special requirement.

 

sol13171: Configuring the cipher strength for SSL profiles (11.x)

 

http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171.html

 

for tcp timestamp, is it this one?

 

TCP timestamp response

 

http://www.rapid7.com/db/vulnerabilities/generic-tcp-timestamp

 

sol8072: Obtaining uptime information from TCP timestamps

 

http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8072.html

 

nitass's avatar
nitass
Icon for Employee rankEmployee
Sep 06, 2014
dh is natively supported in 11.2.1 Diffie-Hellman SSL key exchange cipher The Diffie-Hellman SSL key exchange cipher, which provides perfect forward secrecy (PFS), is now included natively. This provides better performance for configurations using Diffie-Hellman, especially on physical platforms that have hardware SSL acceleration. Release Note: BIG-IP LTM and TMOS 11.2.1 http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-ltm-11-2-1.html