Forum Discussion
7 Replies
Sort By
- Victor_12567Nimbostratus
see here https://devcentral.f5.com/questions/openssl-and-heart-bleed-vuln
- goldie_01_14551Historic F5 Account
See below solution article.
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
- Cory_50405NoctilucentIt's due to v11.5 being packaged with a vulnerable OpenSSL version, whereas versions 11.4 and before were not.
- Christopher_BooCirrostratusSorry. I deleted my first post after I realized I did in fact need another cup of coffee :D Thanks! Chris
- The official AskF5 Solution is out: http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html See also: https://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160
- ozesati_120213Nimbostratus
When is a hotfix expected to come out for vuln versions LTM 11.5 and 11.5.1?
- Mahmoud_Eldeeb_Cirrostratus
Virtual servers using an SSL profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. In addition, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers.