JRahm
Jun 06, 2014Admin
New OpenSSL vulnerability - CVE-2014-0224
Hey community, there's a new OpenSSL vulnerability out there in the wild. I say new, but...newly discovered. Turns out it's been there a while. Anyway, F5 solution 15325 for the details. A quick note:
The vulnerability is with OpenSSL, not the F5 SSL Stack. So if you are offloading SSL with native ciphers on your BIG-IP, this is not a vulnerability for your traffic. The management interface uses OpenSSL, however, so it might be vulnerable based on your BIG-IP version, check the solution.
David Holmes is correct yet again that SSL is "this close to being completely broken!"