SOL4944 - SSL decryption vulnerabilities - CR47778, CR48873, CR53987, CR54002

ID SOL4944
Type f5
Reporter f5
Modified 2016-07-25T00:00:00



If upgrading is not an immediate option, you can temporarily prevent exploitation of these vulnerabilities by disabling NATIVE ciphers on any clientssl or serverssl profiles that require or request authentication. To do so, add :!NATIVE to the profiles' ciphers option (available in the Advanced Configurations options), as shown in the following example:

Important: This workaround may result in a loss of SSL performance.

profile clientssl client_example {
   peer cert mode require
   ciphers "DEFAULT:!NATIVE"
}
profile serverssl servertest {
   peer cert mode require
   ciphers "DEFAULT:!NATIVE"
}
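To confirm the workaround is in place everywhere it is needed, the following added example (not F5 code, and not part of the original advisory) scans configuration text for clientssl and serverssl profiles that require or request authentication but do not carry !NATIVE in their ciphers option. It assumes the profile syntax of the example above; the `request` keyword value is taken from the advisory's wording, and the sample profile names are constructed.

```python
import re

# Constructed sample in the syntax of the advisory's example; names are made up.
SAMPLE_CONF = '''
profile clientssl client_example {
   peer cert mode require
   ciphers "DEFAULT:!NATIVE"
}
profile serverssl servertest {
   peer cert mode require
   ciphers "DEFAULT"
}
profile clientssl no_auth {
   ciphers "DEFAULT"
}
profile clientssl wants_cert {
   peer cert mode request
}
'''

PROFILE_RE = re.compile(r'profile\s+(clientssl|serverssl)\s+(\S+)\s*\{([^{}]*)\}')
MODE_RE = re.compile(r'peer\s+cert\s+mode\s+(\S+)')
CIPHERS_RE = re.compile(r'ciphers\s+"([^"]*)"')


def profiles_missing_workaround(conf_text):
    """Return (type, name) for authenticating SSL profiles lacking !NATIVE."""
    missing = []
    for ptype, name, body in PROFILE_RE.findall(conf_text):
        mode = MODE_RE.search(body)
        # Only profiles that require or request authentication are in scope.
        if not mode or mode.group(1) not in ("require", "request"):
            continue
        ciphers = CIPHERS_RE.search(body)
        # A profile with no ciphers line does not set the exclusion itself,
        # so it is reported for review as well.
        tokens = re.split(r"[:, ]+", ciphers.group(1)) if ciphers else []
        if "!NATIVE" not in tokens:
            missing.append((ptype, name))
    return missing


if __name__ == "__main__":
    for ptype, name in profiles_missing_workaround(SAMPLE_CONF):
        print(f"{ptype} {name}: add :!NATIVE to the ciphers option")
```
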