ROBOT Vulnerability and Mitigation

Question asked by Mike D on Jan 11, 2018
Latest reply on Apr 30, 2018



I have a question regarding the rating of the ROBOT vulnerability with the ssllabs scanning tool. Obviously the best options would be to apply the patch provided by F5 and/or remove RSA from the cipher suite profile.


However, I am curious if implementing the partially mitigating controls detailed here: ( would still get an F score come February?

  • The partially mitigating controls are:
    • Lowering the Client SSL Handshake Timeout
    • Rate limiting iRule

We fully intend to completely mitigate this vulnerability; unfortunately, this will take some time. I plan to implement the partially mitigating controls in the meantime until this is resolved and just want clarification on whether these partial mitigations would still get flagged as vulnerable to ROBOT (per SSL Labs' grading) in February.


