Forum Discussion

Altostratus

Jan 08, 2015

Removing Poodle TLS padding vulnerability returns RC4 warning

Hi, We are running F5 LTM version 11.2. Recently we disabled the RC4 weak CIPHER to remove the Minimal warning from our PCI scan. But due to the recent arrival of Poodle TLS vulnarability ...

application delivery

LTM

boneyard

MVP

Jan 08, 2015

Alex is correct, the solution for POODLE TLS and some other attacks is to enable only RC4. but on the other side RC4 is considered unsafe itself and will probably to publicly announced to be disabled at some time in future.

so the best fix for POODLE TLS remains the hotfix version.

Forum Discussion

Removing Poodle TLS padding vulnerability returns RC4 warning

Recent Discussions

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Coordinated Vulnerability Disclosure: A Balanced Approach

CVE-2014-8730 Padding issue

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Vulnerability CVE-2023-45648 in ApacheTomcat