Recommended Action
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 is responding to this vulnerability as determined by the parameters defined in SOL4602: Overview of the F5 security vulnerability response policy.
BIG-IP
To mitigate this vulnerability, you can remove the ECDH cipher suite from the Cipher List of the affected HTTPS health monitor. To do so, perform the following procedure:
Impact of action: Removing the ECDH cipher suite does not allow the affected HTTPS health monitor from communicating with any other SSL servers using the ECDH cipher suite.
LineRate
To mitigate the risk posed by this vulnerability for the affected LineRate versions, you can disable the ECDH cipher suites in the SSL component. For information about disabling cipher suites for LineRate, refer to the following guides:
**Note:**The following links take you to a resource outside of AskF5. The third party could remove the documents without our knowledge.
The SSL Mode Commands chapter of the LineRate 2.5.0 CLI Reference Guide
The SSL Mode Commands chapter of the LineRate 2.4.x CLI Reference Guide
Supplemental Information