Sep 16, 2015 - 12:00 a.m.

K16674 : TLS vulnerability CVE-2015-4000

2015-09-16 00:00:00
my.f5.com

CVSS3: 3.7 Low

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: LOW
  • Availability Impact: NONE
  • Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 4.7 Medium (Confidence: High)

CVSS2: 4.3 Medium

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
  • Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.975 High (Percentile: 100.0%)

Security Advisory Description

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the “Logjam” issue. (CVE-2015-4000)

Impact

BIG-IP configurations that enable EXPORT suites in Client SSL profiles may be vulnerable to the LogJam attack, in which an active man-in-the-middle attack downgrades a connection between a TLS client and a TLS server that supports EXPORT cipher suites, but would not negotiate them due to server-side ordering of cipher suites. The best workaround is to disable EXPORT suites in the Client SSL profile. If this is not possible and the Client SSL profile must have EXPORT and strong cipher suites enabled, F5 recommends that you leave the default setting of “10” for the Handshake Timeout setting in the Client SSL profile.

If the configuration is such that a client and a server would negotiate an EXPORT cipher suite on their own, a passive attacker can record the traffic and decrypt it later. This is an offline attack on a limited number of connections for which there is no workaround other than disabling EXPORT cipher suites.

The BIG-IP system uses 1024-bit DHE for non-export cipher suites. A 1024-bit DHE is likely to be negotiated between a client and a server without interference by an attacker. The BIG-IP system does not use fixed DHE 1024 groups, and the way the BIG-IP system manages its DHE 1024 groups provides reasonable protection against currently known attacks on DHE 1024. For increased security, F5 recommends that you change the order of DHE cipher suites in Client SSL profiles to prefer ECDHE.

There are specific features on the BIG-IP system that mitigate the impact of LogJam on BIG-IP Client SSL profiles.

  • The BIG-IP system, by default, uses custom DHE groups that are unique per install and are not static. These custom groups are also refreshed on a regular basis, with the regeneration interval varying by version: every month on BIG-IP 10.1.0 through 11.3.0, and every hour starting in BIG-IP 11.4.0. This is enabled by default.
  • A short handshake timeout of 10 seconds is configured by default. There is an option to enable an “Indefinite” timeout, which F5 does not recommend.
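
An added example (not F5 code) that checks a Client SSL profile's cipher list and handshake timeout against the recommendations in this advisory: no EXPORT suites, ECDHE preferred over DHE, and the default handshake timeout of 10 when EXPORT cannot be removed. It assumes OpenSSL-style suite names listed in server preference order, where export suites start with `EXP`; the function names, finding labels and sample lists are constructed for illustration.

```python
# Added example: audit of a Client SSL cipher list against this advisory.
# Assumes OpenSSL-style suite names in server preference order, where export
# suites start with "EXP". Names, labels and sample data are constructed.

def key_exchange(suite):
    """Classify a suite as ECDHE, DHE or other, ignoring an EXP* prefix."""
    base = suite.split("-", 1)[1] if suite.startswith("EXP") else suite
    if base.startswith("ECDHE-"):
        return "ECDHE"
    if base.startswith(("DHE-", "EDH-")):
        return "DHE"
    return "other"

def audit_client_ssl(ciphers, handshake_timeout):
    """Return {finding: detail}; an empty dict means no finding.

    handshake_timeout is a number of seconds or the string "indefinite".
    """
    findings = {}
    export = [c for c in ciphers if c.startswith("EXP")]
    if export:
        # Any enabled EXPORT suite is what the downgrade relies on.
        findings["export-enabled"] = export
    kinds = [key_exchange(c) for c in ciphers]
    first_dhe = kinds.index("DHE") if "DHE" in kinds else None
    first_ecdhe = kinds.index("ECDHE") if "ECDHE" in kinds else None
    if first_dhe is not None and (first_ecdhe is None or first_dhe < first_ecdhe):
        # The advisory recommends ordering suites so ECDHE is preferred.
        findings["dhe-before-ecdhe"] = ciphers[first_dhe]
    if handshake_timeout == "indefinite":
        findings["indefinite-timeout"] = handshake_timeout
    elif export and handshake_timeout != 10:
        # With EXPORT still enabled, the advisory says to keep the default 10.
        findings["export-with-nondefault-timeout"] = handshake_timeout
    return findings

# Constructed sample profiles.
WEAK = ["DHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA",
        "EXP-EDH-RSA-DES-CBC-SHA", "EXP-RC4-MD5"]
HARDENED = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA",
            "DHE-RSA-AES128-SHA", "AES128-SHA"]

if __name__ == "__main__":
    for name, ciphers, timeout in (("weak", WEAK, "indefinite"),
                                   ("hardened", HARDENED, 10)):
        print(name, audit_client_ssl(ciphers, timeout) or "no findings")
```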
