For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Mar 04, 2015

Solved

iRule to mitigate TLS/SSL FREAK?

In before the crowd: Please respond if you have an iRule to mitigate the FREAK attack on TLS/SSL via RSA-EXPORT. (CVE-2015-0204 on OpenSSL, see also https://www.smacktls.com/freak and http://blog.cry...

application delivery

Lee_Payne_53457
Mar 04, 2015
Depending on the version of TMOS you're running you may not need to do anything, but I would disable it in the SSL profile rather than an iRule, these items should prevent it (I think): !MD5:!EXP:!EXPORT40

This article talks about disabling ciphers on the management plane: https://devcentral.f5.com/articles/cve-2014-3566-removing-sslv3-from-big-ip

Icon for Nimbostratus rank

Nimbostratus

Mar 04, 2015

Depending on your BIGIP software level, the DEFAULT cipher-suite may already have you covered: https://support.f5.com/kb/en-us/solutions/public/13000/100/sol13171

I believe the MD5 and EXPORT ciphers have been disabled in the DEFAULT cipher list since v10.2

Icon for Nimbostratus rank

Nimbostratus

Mar 04, 2015

Right you are, they do. That's excellent.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5