You can eliminate this vulnerability by running a version listed in the Versions known to be not vulnerable column in the previous table. If the Versions known to be not vulnerable column does not list a version that is later than the version you are running, then no upgrade candidate currently exists.
For BIG-IP Edge Clients, there is no workaround. To mitigate this vulnerability for all other affected products, perform the following task:
- Verify that Datagram Transport Layer Security (DTLS) virtual servers referencing Secure Sockets Layer (SSL) profiles do not permit COMPAT SSL ciphers.
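One way to run this check offline against a saved configuration, as an added example that is not F5's own tooling: it lists UDP virtual servers whose client SSL profile names COMPAT un-negated in its cipher string, following `defaults-from` inheritance within the file. It assumes that a DTLS virtual server appears as an `ltm virtual` stanza with `ip-protocol udp`; the sample configuration and all names in it are constructed, built-in parent profiles that are not defined in the file are not resolved, and cipher keywords are matched textually rather than expanded.

```python
import re

# Constructed sample in bigip.conf (tmsh) stanza style; all names are made up.
SAMPLE_CONF = """\
ltm profile client-ssl /Common/dtls_base {
    ciphers DEFAULT:COMPAT
}
ltm profile client-ssl /Common/dtls_child {
    defaults-from /Common/dtls_base
}
ltm profile client-ssl /Common/dtls_native {
    ciphers DEFAULT:!COMPAT
}
ltm virtual /Common/vs_dtls_a {
    ip-protocol udp
    profiles {
        /Common/dtls_child { }
        /Common/dtls_native { }
    }
}
"""

def stanzas(conf, kind):
    # Yield (name, body) for each top-level "kind NAME { ... }" stanza.
    for m in re.finditer(r"^%s (\S+) \{" % re.escape(kind), conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def permits_compat(name, profiles, seen=()):
    # True if the profile's own or inherited cipher string names COMPAT un-negated.
    body = profiles.get(name)
    if body is None or name in seen:
        return False
    m = re.search(r"^\s*ciphers (.+)$", body, re.M)
    if m:
        toks = [t for t in re.split(r"[:\s]+", m.group(1)) if t[:1] not in "!-"]
        return any("COMPAT" in t.upper().split("+") for t in toks)
    parent = re.search(r"^\s*defaults-from (\S+)", body, re.M)
    return bool(parent) and permits_compat(parent.group(1), profiles, seen + (name,))

def dtls_virtuals_permitting_compat(conf):
    # (virtual server, profile) pairs to review; UDP virtual servers only.
    profiles = dict(stanzas(conf, "ltm profile client-ssl"))
    return [(vs, p) for vs, body in stanzas(conf, "ltm virtual")
            if re.search(r"^\s*ip-protocol udp\s*$", body, re.M)
            for p in re.findall(r"^\s*(/\S+)\s*\{", body, re.M)
            if permits_compat(p, profiles)]
```

An empty result means only that no explicit COMPAT keyword was found in the file; profiles that inherit from a built-in parent still need their effective cipher list confirmed on the device.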