TLS POODLE Vulnerability

Question

Hi, We have configured DEFAULT:!SSLv3:!TLSv1 in the cipher settings in for each SSL certificate but when we do a scan we still see that the message in the scan on https://www.ssllabs.com as "This server is vulnerable to the POODLE attack against TLS servers. Patching required. Grade set to F". Could someone please advise if there is any more configuration setting that can be done to elimintae this attack other than upgrading the software to latest 11.5.xx? Below is the F5 version details
F5 Version: BIG-IP 11.2.1 Build 807.0 Hotfix HF1 &nbsp;
Thanks in advance for the reply.&nbsp;

hannes_rapp · Answer

Where did you get this cipher config? To me it does not seem correct. Until BigIP 11.4.1, to mitigate TLS/Poodle (TLS Padding vulnerability) you should enforce the use of RC4-SHA cipher. This could cut off some users that don't support the cipher. For your cipher config, use

!SSLv3:RC4-SHA

instead.

vitaliy_savrans · Answer

or you need to install hotfix 13 &nbsp;
SOL15882&nbsp;

Forum Discussion

TLS POODLE Vulnerability

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Advise on setting up IRULE

F5 iRule to replace host to path

Related Content

CVE-2014-3566 POODLE vs. CVE-2014-8730 TLS POODLE

Fingerprinting TLS Clients with JA4 on F5 BIG-IP

F5 CIS, TLS Extensions, and troubleshooting

Decrypting TLS traffic on BIG-IP

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server