OpenSSL vulnerability

Question

http://openssl.org/news/secadv_20101116.txt
&nbsp;Does anyone know, whether LTMs are affected?&nbsp;

nitass · Answer

All versions of OpenSSL supporting TLS extensions contain this vulnerability 
&nbsp; including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases &lt;---------- 
&nbsp;  
&nbsp; SOL9445: The BIG-IP third party software matrix  
&nbsp; https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9445.html?sr=11205917

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

Forum Discussion

OpenSSL vulnerability

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

June 2014 OpenSSL Vulnerabilities

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

OpenSSL CVE-2022-3786 and CVE-2022-3602 or "The Critical that wasn't"

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP