F5 Networks BIG-IP : TLS vulnerability (K16674) (Logjam)
Medium Nessus Plugin ID 85951
Synopsis
The remote device is missing a vendor-supplied security patch.

Description
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue. (CVE-2015-4000)

Solution
Upgrade to one of the non-vulnerable versions listed in the F5 Solution K16674.