Forum Discussion

Abi80_167352
Oct 17, 2014

F5 High Prio SSLv3 issue CVE-2014-3566 15102014

I am running BIG-IP LTM version 10.2.4 and I believe this version is vulnerable to the MITM, because of which I was advised to switch over to TLS.

My questions are:

1) Does it apply to both client and server profiles?
2) How can I eliminate it?
3) And would there be any impact to my existing application if I move over to TLS?

Please help.

9 Replies

  • Thanks for the reply, shaggy.

    Is it applicable to both client and server profiles?

  • shaggy

    The solution is applicable to both client-side and server-side profiles.

    https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

    "If you are running 11.5.0 or later, your default clientssl and serverssl profiles do not contain SSLv3 ciphers and SSLv3 cannot be negotiated. If your SSL profile derives from these profiles, your application is not vulnerable. On all versions, you can disable SSLv3 ciphers by adding the string "!SSLv3" to your clientssl or serverssl profile. The procedure to change your ciphers is well described in SOL 13171."

  • We had an environment where it was not possible to update the client, which was running SSL 3.0, but it was possible to update the ciphers via a configuration file. A mitigation in such a situation is to disable the CBC-based ciphers and leave SSL 3.0 enabled.

    Note that this will mitigate CVE-2014-3566 but may be weaker if you have other weaker ciphers. Just an option in case disabling SSL 3.0 is not possible due to other constraints.
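    Editing the cipher string (the "!SSLv3" approach two replies up) or pruning CBC suites (the reply just above) is quick to do and easy to get wrong, for example when a child profile overrides the parent's ciphers, so it is worth confirming from the outside what the virtual server actually negotiates. The script below is an added example for this thread, not code from F5 or from any poster. It hand-builds an SSLv3 ClientHello (the ssl module in current Python builds no longer speaks SSLv3), sends it to a host and port you supply, and reports whether the server answered with an SSLv3 ServerHello and, if so, whether the chosen suite is CBC-based, which is the combination CVE-2014-3566 (POODLE) needs. Point it at the virtual server address to check the clientssl side and at a pool member to check what the serverssl side could still negotiate. A server configured as in the reply above (SSLv3 on, CBC suites off) shows as sslv3 True, cbc False; a profile with "!SSLv3" should produce an alert or a closed connection. The cipher-suite list offered, the host and port arguments, and the sample ServerHello used for the offline self-check are all constructed for this example.

```python
"""SSLv3 probe: send an SSLv3 ClientHello by hand and classify the server's reply.

Added example for this thread (not F5's code). Python's ssl module is avoided
because modern builds cannot negotiate SSLv3, so the records are built manually.
"""
import socket
import struct

SSLV3 = b"\x03\x00"  # version bytes for SSL 3.0 in the record and handshake headers

# Suites an SSLv3 client would plausibly offer (constructed list; IANA names).
# Whether a suite is CBC-based is read off its name.
CIPHER_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
}


def build_client_hello(suites=tuple(CIPHER_SUITES), client_random=b"\x00" * 32):
    """Return one SSLv3 handshake record carrying a ClientHello offering `suites`."""
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    body = (
        SSLV3
        + client_random                                      # 32-byte client random
        + b"\x00"                                            # empty session id
        + struct.pack("!H", len(suite_bytes)) + suite_bytes  # cipher_suites vector
        + b"\x01\x00"                                        # one compression method: null
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake  # record type 0x16


def classify_response(data):
    """Interpret the first record the server sent back after our SSLv3 ClientHello."""
    if len(data) < 5:
        return {"sslv3": False, "reason": "connection closed without a TLS record"}
    content_type, length = data[0], struct.unpack("!H", data[3:5])[0]
    if content_type == 0x15 and len(data) >= 7:  # alert, e.g. handshake_failure (40)
        return {"sslv3": False, "reason": f"alert level={data[5]} description={data[6]}"}
    if content_type != 0x16 or len(data) < 5 + length or data[5] != 0x02:
        return {"sslv3": False, "reason": f"no ServerHello (record type {content_type:#x})"}
    hs = data[5:5 + length]
    # ServerHello: type(1) len(3) version(2) random(32) sid_len(1) sid cipher(2) compression(1)
    sid_len = hs[38] if len(hs) > 38 else 0
    if len(hs) < 42 + sid_len:
        return {"sslv3": False, "reason": "truncated ServerHello"}
    version = hs[4:6]
    suite = struct.unpack("!H", hs[39 + sid_len:41 + sid_len])[0]
    name = CIPHER_SUITES.get(suite, f"unknown_0x{suite:04x}")
    return {
        "sslv3": version == SSLV3,
        "cipher": name,
        "cbc": "_CBC_" in name,  # True: SSLv3 + CBC, the POODLE-exposed combination
        "reason": "ServerHello received",
    }


def _recv_record(sock):
    """Read one complete record, or whatever arrives before the peer closes."""
    buf, need = b"", 5
    while len(buf) < need:
        chunk = sock.recv(4096)
        if not chunk:
            break
        buf += chunk
        if len(buf) >= 5:
            need = 5 + struct.unpack("!H", buf[3:5])[0]
    return buf


def probe(host, port=443, timeout=5.0):
    """Connect to host:port, offer SSLv3 only, and classify the answer."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            data = _recv_record(sock)
        except (socket.timeout, ConnectionResetError):
            data = b""  # a silent close or reset also means SSLv3 was not accepted
    return classify_response(data)


def sample_server_hello(suite):
    """Constructed SSLv3 ServerHello selecting `suite` (offline fixture, not captured traffic)."""
    body = SSLV3 + b"\x11" * 32 + b"\x00" + struct.pack("!H", suite) + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + SSLV3 + struct.pack("!H", len(handshake)) + handshake


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python sslv3_probe.py <host> [port]
        print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
    else:  # offline self-check against the constructed fixture
        print(classify_response(sample_server_hello(0x002F)))
```

    The probe offers nothing but SSLv3, so any ServerHello at all is a finding; the cbc flag then tells you whether the reply above's partial mitigation is in place or whether the server is fully exposed. Check both directions of the BIG-IP (virtual server and pool members), since the thread confirms the fix applies to clientssl and serverssl profiles alike.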

  • OK, we have a few applications on SharePoint.

    So if I move it to TLS 1.2, will the users be impacted, since we also have a few iRules which are defined?

    • Amit_Karnik_269
      You will have to test it out. You could enable a specific clientssl profile for specific source IP addresses using an iRule in CLIENT_ACCEPTED. This way you could test your new profile on the same VS. Simpler would be to create a new VS and verify.