Forum Discussion

Ismail_319212
May 09, 2018

Vulnerabilities

Hi,

(1) Untrusted TLS/SSL server X.509 certificate

(2) TLS/SSL Server is enabling the BEAST attack

(3) Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)

(4) TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

How can I fix? BIGIP-12.1.0.1.0.1447-HF1 Thanks


5 Replies

  • Yes, you can fix it. Find the below solution. Hope it will help you!!

    (1)Untrusted TLS/SSL server X.509 certificate

    --> Tag Correct certificate to Profile. Attach SAN certificate, if you have multiple FQDN.

    (2)TLS/SSL Server is enabling the BEAST attack

    --> Upgrade device to 12.1.3 or Versions known to be not vulnerable. Link

    (4)TLS/SSL Birthday attacks on 64-bit block ciphers (SWEET32)

    --> Modify the cipher as per requirement. Link

    (3)Apache HTTPD: ETag Inode Information Leakage (CVE-2003-1418)

    --> Some tools detect it as a vulnerability but it's not, but correct it as per requirement. Find the steps below.

         1. Log in to tmsh by typing the following command:
            tmsh
         2. To specify the format to be used for the ETag header, type the following command:
            modify /sys httpd include "FileETag MTime Size"
         3. Save the configuration change by typing the following command:
            save /sys config
         4. To restart the httpd service, type the following command:
            restart /sys service httpd
    

    Thanks
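
A way to confirm the ETag change from item (3) took effect, added here as an example and not part of the original reply: it classifies an Apache-style ETag by its number of hex fields, since three fields (inode-size-mtime) include the inode and `FileETag MTime Size` leaves two. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): detect whether an Apache-style ETag
# still carries the inode field that CVE-2003-1418 scanners report.

classify_etag() {
    # Strip an optional weak-validator prefix and the surrounding quotes.
    v=${1#W/}
    v=${v#\"}
    v=${v%\"}
    case $v in
        ''|*[!0-9a-fA-F-]*|-*|*-|*--*) echo "not-apache-format"; return 0 ;;
    esac
    # Split on hyphens and count the hex fields.
    old_ifs=$IFS; IFS=-
    set -- $v
    IFS=$old_ifs
    case $# in
        3) echo "inode-exposed inode=$((0x$1))" ;;   # inode-size-mtime
        2) echo "ok-no-inode" ;;                      # size-mtime
        1) echo "single-field-ambiguous" ;;           # cannot tell which field it is
        *) echo "not-apache-format" ;;
    esac
}

check_headers() {
    # Read raw response headers on stdin and classify every ETag header found.
    tr -d '\r' | while IFS= read -r line; do
        case $line in
            [Ee][Tt][Aa][Gg]:*)
                val=${line#*:}
                val=${val# }
                classify_etag "$val" ;;
        esac
    done
}

# Constructed sample headers: before and after applying "FileETag MTime Size".
SAMPLE_BEFORE='HTTP/1.1 200 OK
ETag: "2c3f-1a4-3e1b2c00"'
SAMPLE_AFTER='HTTP/1.1 200 OK
ETag: "1a4-3e1b2c00"'

printf '%s\n' "$SAMPLE_BEFORE" | check_headers
printf '%s\n' "$SAMPLE_AFTER" | check_headers
# Against your own device: curl -skI https://<mgmt-address>/ | check_headers
```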

    • Ismail_319212

      How can I configure this command on the GUI? Please advise me.

      modify /sys httpd include "FileETag MTime Size"


    • Ismail_319212

      Hi,

      Our F5 got an error while logging in to the GUI console. Please advise me.