Vulnerabilities from SWEET32 in F5 Load Balancers Reveal
Worried about SWEET32 and OpenSSL vulnerabilities? Check out this step by step guide to fix issues before they become critical events. Read more.
Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.
The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog
Key takeawaysThis key takeaway was generated through LLMs crawling the page and coming up with an overview of the content.This article explains how to mitigate the SWEET32 vulnerability in F5 Big-IP load balancers, which exploits long-lived SSL sessions that use Triple DES (3DES) in CBC mode. It describes two mitigation approaches: disabling 3DES-CBC ciphers in SSL client profiles and the management interface, and configuring an SSL renegotiation size limit (recommended 1000 MB) to prevent long-lived sessions from being exploited. The guide provides step-by-step procedures for both GUI and tmsh (CLI) configuration, notes possible client and compatibility impacts, and recommends testing profile changes before applying them broadly.
What is the SWEET32 vulnerability and why is it relevant to F5 load balancers?
SWEET32 targets long-lived SSL/TLS sessions that use 64-bit block ciphers like Triple DES (3DES) in CBC mode, allowing attackers to recover plaintext by exploiting large volumes of encrypted data. For F5 Big-IP load balancers, the vulnerability is relevant because it targets the cipher itself, meaning there is no hotfix for the protocol; mitigation requires configuration changes on the load balancer. The article therefore focuses on either disabling 3DES-CBC ciphers from SSL profiles and the management interface or limiting SSL renegotiation size to reduce the amount of data encrypted under a single session.
How do I set an SSL renegotiation size limit on an F5 Big-IP to mitigate SWEET32?
You can set a renegotiation size limit via the F5 GUI or tmsh. In the GUI, go to Local Traffic -> Profiles -> SSL -> Client, open the target profile, enable custom Renegotiation size, change from Indefinite to Specify, and enter 1000 (MB) per F5 recommendation, then Update. Via tmsh, connect over SSH, enter tmsh, and run: modify /ltm profile client-ssl renegotiate-size 1000, then commit with save sys config. Note that clients must handle failed renegotiation by establishing a new full SSL handshake; testing is recommended before wide deployment.
What are the consequences of disabling 3DES-CBC ciphers on F5 SSL profiles and management interfaces?
Disabling 3DES-CBC ciphers removes those ciphers from negotiation, reducing the set of available ciphers for virtual servers and the management interface. Most modern browsers support many ciphers, so impact is often minimal, but depending on your existing cipher string it may prevent some clients from agreeing on a cipher with the server. The article cautions against changing parent SSL profiles without testing and notes the example approach uses the system default list (which the article does not recommend); administrators should determine an appropriate cipher list for their environment and test compatibility before applying changes. The article shows how to modify cipher strings in both GUI and tmsh and to commit changes with save sys config.
How to Mitigate Vulnerabilities from SWEET32 in F5 Load Balancers
The SWEET32 vulnerability is targeting long lived SSL sessions using Triple DES in CBC mode. The attack targets the cipher itself and thus there is and will be no hotfix for this. The only way to mitigate is to either disable the 3DES-CBC ciphers or set a limit on the renegotiation size.
This guide will cover how to configure both in the load balancer, and also how to protect your management interface (only possible by changing the cipher string). To simplify your F5 network try out Indeni which will automate some of the processes in your environment and save you time for the important tasks.
For the official F5 article, please refer to this link: https://support.f5.com/csp/#/article/K13167034
Configuring an SSL Renegotiation size limit
SSL renegotiation options determines if the BigIP will allow the client to make mid-stream reconnections or not. The option called size limit will set a limit, in megabytes, of how much data that is allowed to pass through the connection before an SSL renegotiation will be disabled (on that specific connection). Since the attack targets long lived sessions (or rather high amount of SSL data) this will mitigate the attack. F5 recommends to set the limit to 1000MB.
Possible impact of setting a renegotiation size limit
Clients with renegotiation support will need to be able to handle a failed SSL Renegotiation and instead establish a new one completing the full SSL handshake. This should not pose a problem in the vast majority of applications.
SSL session settings are regulated by SSL profiles. While you can change the parent profiles we do not recommend doing so without doing proper testing.
Procedure to set an SSL Renegotiation size limit via the GUI
- Log in to the F5 administration interface
- Navigate to Local Traffic -> Profiles -> SSL -> Client
- Click on the profile you wish to set the limit to
- In the settings, locate Renegotiation size
- If it’s disabled (see the picture below), click on the custom option checkbox to allow changes
- Change the value from Indefinite to Specify, then enter 1000
- Click on “Update”
Procedure to set an SSL Renegotiation size limit via TMSH
- Connect to your load balancer via an SSH client
- If not already in the tmsh, enter it
- To modify the size limit of a profile, issue this command and replace the profile name with the full path of the ssl profile you wish to modify:
modify /ltm profile client-ssl <profile_name> renegotiate-size 1000
Example:
modify /ltm profile client-ssl /Common/example.com renegotiate-size 1000
- Commit the configuration to disk by running the command “save sys config”
Disabling 3DES-CBC ciphers in SSL Client profiles and the management interface
This method will remove the affected ciphers from the list of applicable ciphers during SSL connection negotiations. SSL cipher settings are regulated by SSL profiles. While you can change the parent profiles we do not recommend doing so without doing proper testing.
Possible impact of disabling 3DES-CBC ciphers
While most modern browsers supports wide array of ciphers this will still reduce the cipher support of the virtual servers using the modified SSL profile. Depending on your current cipher string this could or could not pose a risk to clients and the virtual servers not being able to agree on a cipher.
Please note that the following guide is just meant to show how to disable these specific ciphers and uses the system default cipher list to do so. Using the default list is not recommended. To determine which cipher list you should use, please read up on ciphers.
To see F5 scripts refer to here.
This guide is a really good start:
Procedure to set an SSL cipher string via the GUI
- Log in to the F5 administration interface
- Navigate to Local Traffic -> Profiles -> SSL -> Client
- Click on the profile you wish to alter the cipher string on
- In the settings, locate Ciphers
- If it’s disabled (see the picture below), click on the custom option checkbox to allow changes.
- Change the value from the current value to <CURRENTLIST>: !DHE-RSA-DES-CBC3-
SHA:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA
- Click on “Update”
Procedure to set an SSL cipher string via TMSH
- Connect to your load balancer via an SSH client
- If not already in the tmsh, enter it
- Show the current cipher string with the following command:
list /ltm profile client-ssl [profile name] ciphers
Example:
list ltm profile client-ssl /Common/example.com ciphers
ltm profile client-ssl Testpartition/testthemciphers { ciphers DEFAULT
}
- Note your current cipher string. In the example above it was “DEFAULT”
- Modify the cipher string with the following command:
modify ltm profile client-ssl [profile name] ciphers <CURRENTLIST>:!DHE-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA
Example:
modify ltm profile client-ssl /Common/example.com ciphers DEFAULT:!DHE-RSA-DES-CBC3-SHA:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA
- Commit the configuration to disk by running the command “save sys config”
[divider width=”full”]
Start automating your F5 Network with Indeni, see scripts here. Thank you to Patrik Jonsson for contributing this article.
Related content
How to map your network with user-defined links in Integrity X
Map your network with user-defined links in Integrity X to define and manage custom relationships, such as dual-stack and NAT environments.
Automate your DDI modernization path by migrating with Micetro
Automate cross-platform DNS and DHCP migration with Micetro to reduce risk, eliminate manual effort, and modernize infrastructure faster.
Your journey to intelligent NetOps begins at Cisco Live
Visit BlueCat’s booth or book a meeting now to learn more about how our solutions can help you build a network that supports constant change.
Replace BIND and ISC with Micetro DNS/DHCP Server (MDDS)
Tired of patching and manually configuring BIND DNS and ISC DHCP? Discover how Micetro MDDS appliances can replace them for modern DDI.