NimbostratusWe are running F5 LTM version 11.4.1 hostfix 4 Recently we disabled the RC4 weak CIPHER to remove the Minimal warning from our scan.
But due to the recent arrival of Poodle TLS vulnarability we had to introduce !SSLv3:RC4-SHA which brought back the Minimal warning for having RC4 in the acceptable CIPHER.
How can we over come this? Removing Poodle TLS padding vulnerability returns RC4 warning
NimbostratusI believe you have to upgrade to a newer version of code that isn't vulnerable. I'm sure someone will correct me if I'm wrong.
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html
If you want to mitigate TLS POODLE and RC4 weaknesses at the same time, you will have to upgrade to 11.5.0 or later, then create SSL profile similar to:
tmsh create /ltm profile client-ssl TLS-Padding ciphers !SSLv3:AES-GCM
Note that above profile will only allow clients that can support AES-GCM ciphers. This is quite limited. and might lead to other issues.
NimbostratusNimbostratus@cisco 01. If you are still experiencing issues on this, I suggest you open a security support case and provide qkview for review.
