SSL/TLS use of weak RC4 cipher

Question

Dear Geeks,&nbsp;
As per Infosec subjected vulnerability found during the scan on one of the VIP hosted on the loadbalancer.&nbsp;
I googled &amp; found the below solution to mitigate the same:&nbsp;
Solution:
RC4 should not be used where possible. One reason that RC4 was still being used was BEAST and Lucky13 attacks against CBC mode ciphers in SSL and TLS. However, TLSv 1.2 or later address these issues.&nbsp;
Can somebody guide me what is basically the Impact of this vulnerability &amp; any prerequesite on Loadbalacner &amp; Backed servers. Please help here.&nbsp;

amolari · Answer

RC4 is considered weak for years now.&nbsp;
On the load balancer you can force it disabled in the client ssl profile (and server ssl profile too).
To do so: 
sol13171: Configuring the cipher strength for SSL profiles (11.x)&nbsp;
Note: RC4-SHA is not used anymore in the DEFAULT SSL profiles in 11.6 (and above). More information here: sol13156: SSL ciphers used in the default SSL profiles (11.x)&nbsp;

Forum Discussion

SSL/TLS use of weak RC4 cipher

1 Reply

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

Related Content

Disabling Weak Ciphers

Disabling Specific Weak Cipher Suites

TMOS script for updating SSL profile cipher group and TLS versions

F5 ICAP over SSL/TLS (Secure ICAP) with F5 ASM/AWAF Antivirus Protection feature

TLS/SSL weak messgae auth on code cipher suites