OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness

Question

has anyone been able to isolate and mitigate this issue:  I beleive it has to do with Open SSL and even though every article I read said that the version of software I am running 10.2.2 HF3 is not vulnerable everytime I get scanned I get this as part of the scan - need to be able to mitigate this issue or I will not be PCI compliant.   Anyone knows how to mitigate this issue please help!

fisher1971_2973 · Answer

I have seen this issue as well. I would recommend checking which ciphers your F5 supports. If it only supports high strength ciphers, then this is not an issue. As the downgrade issue will not work. You will only be able to resume the session from high strength cipher to another.&nbsp;
&nbsp;Hope this answers you question.&nbsp;

Forum Discussion

OpenSSL SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG Session Resume Ciphersuite Downgrade Weakness

1 Reply

Recent Discussions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

How to Implement 2 Way SSL in F5 LTM

Related Content

firmware upgrade and downgrade

The best ciphersuite

F5 ciphersuite syntax

Downgrade gone wrong

F5 Software Downgrade from version 14.1.0 to 12.1.2