Because of the well known BEAST attack, block ciphers are no longer considered secure for SSL3/TLS1.0. Research (A Few Thoughts on Cryptographic Engineering: Attack of the week: RC4 is kind of broken in TLS)also shows that RC4 is broken too. With all these, it forces to go with TLS1.1 and above. My question is
My understanding is OEM does not support TSL1.1 or 1.2, If yes, when we can expect the support for these protocols?. If OEM does not support TLS1.1 or 1.2 - is it not a security hole?
TLS1.1 is released in 2006 (http://www.ietf.org/rfc/rfc4346.txt) and TLS 1.2 is release in 2008(http://www.ietf.org/rfc/rfc5246.txt) . But it is not implemented/supported in OEM even after nine years!
Another concern here is : Most LTM's (like F5) stopped supporting SSL v3, TLS1.0 by default.