Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral


Loading

DC Podcast - April 9, 2014

Awesome stuff MegaZone...thanks for the clarification!

A couple of comments: 1. Management GUI on 11.5.0/11.5.1 is vulnerable, yes. Data traffic is not vulnerable when using NATIVE ciphers, but it *is* vulnerable on 11.5.0/11.5.1 when using COMPAT ciphers. NATIVE is the default, so most customers will not be affected. See SOL15159 http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html 2. The iRules that have been posted now do not help with the vulnerabilities on the BIG-IP, but are for protecting back-end TLS termination when using pass-through VIPs, such as FastL4. See: https://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160 3. Some versions of Edge Client are also vulnerable, see SOL15159. This is only a concern if connecting to a malicious/compromised server that would send the exploit. Since most customers control the server-side this isn't a concern for them.