Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

SSL Fix?

Is there a recommended fix for this?

http://www.zdnet.com/openssl-fixes-another-severe-vulnerability-7000030253/

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

This answers some questions: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html

TMM is not using openssl for SSL enabled virtual servers except you configure COMPAT ciphers on 11.5.x. The risk on the management traffic (configuration/iControl/big3d) is low as long as your management segment is separated.

But, still, F5 should provide an official statement that their SSL implementation is not affected.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

There are a few threads open on this today, but I recommend reviewing https://devcentral.f5.com/questions/openssl-security-advisory-05-jun-2014 as it has the most technical details so far.

I also recommend looking directly at the vulnerability release from OpenSSL: https://www.openssl.org/news/secadv_20140605.txt for full details of items affected.

0