Has anyone already received an official statement from F5 Networks about the latest vulnerability disclosed today? (Not Heartbleed!)
Thanks for your reply
The Red Hat OpenSSL CCS Injection Vulnerability tool (CVE-2014-0224), https://access.redhat.com/labs/ccsinjectiontest, identified VS on F5 (v.10.5.0 & v.10.5.1) as "Status: Vulnerable!"
This answers some questions: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
TMM does not use OpenSSL for SSL-enabled virtual servers unless you configure COMPAT ciphers on 11.5.x. The risk to the management traffic (configuration/iControl/big3d) is low as long as your management segment is separated.
But, still, F5 should provide an official statement that their SSL implementation is not affected.
There are a few threads open on this today, but I recommend reviewing https://devcentral.f5.com/questions/openssl-security-advisory-05-jun-2014 as it has the most technical details so far.