
CVE-2011-1473/SSL Renegotiation vulnerability

 

Information

 

Summary:

CVE-2011-1473/SSL Renegotiation vulnerability

Environment:

Product: LoadMaster

Version: Any

Platform: Any

Application: Any

Question/Problem Description:

Is the LoadMaster vulnerable to CVE-2011-1473/SSL Renegotiation vulnerability?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause:  
Resolution:

By default, the LoadMaster is not vulnerable to this exploit since renegotiation is disabled by default in firmware versions 7.2.55 and above.

With renegotiation enabled, the LoadMaster is no more vulnerable than any other network appliance running OpenSSL 1.1.1. This CVE is listed as disputed, with the following note: "It can also be argued that it is the responsibility of server deployments, not a security library, to prevent or limit renegotiation when it is inappropriate within a specific environment." Therefore, if you enable renegotiation on the LoadMaster, you must configure your back-end servers to limit renegotiation.

 

If SSL renegotiation has been enabled, disable it in the LoadMaster WUI under Certificates and Security > SSL Options: turn off the 'Enable SSL Renegotiation' option if it is currently enabled.
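Because the resolution hinges on whether renegotiation is enabled, it is worth confirming the setting from the outside after changing it, both on the LoadMaster virtual service and on any back-end servers that terminate TLS themselves. The script below is an added example and is not Kemp's or Progress's code: it wraps `openssl s_client` (the `R` command asks for one client-initiated renegotiation), forces TLS 1.2 because TLS 1.3 has no renegotiation at all, and classifies the transcript with a heuristic that is an assumption of this example rather than documented OpenSSL behaviour: a renegotiation that succeeds makes s_client run its certificate callbacks again, so `verify return:` shows up after the `RENEGOTIATING` marker, while a refused one shows a `no renegotiation` alert or a handshake failure. The sample transcripts at the bottom are constructed and abridged, and `lm.example.test` is a placeholder host.

```shell
#!/bin/sh
# Added example, not from the Kemp article: does a TLS 1.2 endpoint honour a
# client-initiated renegotiation (the behaviour CVE-2011-1473 abuses)?
# Assumes the openssl command-line tool is installed. Hosts are placeholders.

# Classify an s_client transcript (heuristic, see lead-in):
#   accepted - "verify return:" appears after the RENEGOTIATING marker
#   rejected - an alert or handshake failure appears after the marker instead
#   unknown  - no renegotiation was attempted (e.g. TLS 1.3 session, or the
#              connection dropped before "R" was sent)
classify_renegotiation() {
    transcript="$1"
    # everything after the RENEGOTIATING line; empty if the marker never appeared
    after=$(printf '%s\n' "$transcript" | sed -n '/^RENEGOTIATING/,$p' | sed '1d')
    if [ -z "$after" ]; then
        echo "unknown"
    elif printf '%s\n' "$after" | grep -q 'verify return:'; then
        echo "accepted"
    elif printf '%s\n' "$after" | grep -Eq 'no renegotiation|handshake failure|alert'; then
        echo "rejected"
    else
        echo "unknown"
    fi
}

# Live probe: one renegotiation request, TLS 1.2 only, -state so that alerts
# the server sends back are printed in the transcript.
probe_renegotiation() {
    host="$1"; port="${2:-443}"
    out=$(printf 'R\n' | openssl s_client -connect "$host:$port" \
        -servername "$host" -tls1_2 -state 2>&1)
    classify_renegotiation "$out"
}

# Constructed transcripts (abridged, not captured from a real LoadMaster)
SAMPLE_ACCEPTED='CONNECTED(00000003)
depth=0 CN = lm.example.test
verify return:1
---
RENEGOTIATING
depth=0 CN = lm.example.test
verify return:1'

SAMPLE_REJECTED='CONNECTED(00000003)
depth=0 CN = lm.example.test
verify return:1
---
RENEGOTIATING
SSL3 alert read:warning:no renegotiation'

SAMPLE_TLS13='CONNECTED(00000003)
depth=0 CN = lm.example.test
verify return:1
---
DONE'

# Show the classifier on the constructed samples
echo "accepted sample -> $(classify_renegotiation "$SAMPLE_ACCEPTED")"
echo "rejected sample -> $(classify_renegotiation "$SAMPLE_REJECTED")"
echo "tls1.3 sample   -> $(classify_renegotiation "$SAMPLE_TLS13")"

# Run the live probe only when a target is given, e.g.
#   TARGET_HOST=lm.example.test TARGET_PORT=443 sh renegotiation-check.sh
if [ -n "${TARGET_HOST:-}" ]; then
    echo "$TARGET_HOST -> $(probe_renegotiation "$TARGET_HOST" "${TARGET_PORT:-443}")"
fi
```

A result of "accepted" against a LoadMaster virtual service means the 'Enable SSL Renegotiation' option is still on for that service; "unknown" usually means the client negotiated TLS 1.3 or the service dropped the connection, so re-check with the TLS 1.2 restriction in place before drawing a conclusion.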

Workaround:  
Notes:

https://docs.progress.com/bundle/loadmaster-configuration-guide-web-user-interface-wui-ga/page/SSL-Options.html

https://docs.progress.com/bundle/release-notes_loadmaster-7-2-55-0/page/SSL-Renegotiation-Disabled-By-Default.html

https://support.kemptechnologies.com/hc/en-us/articles/360047507831-LoadMaster-Vulnerabilities

 

