Forum Discussion
NimbostratusHeartbleed SSL Bug - Does that need a fix from F5?
Get the latest updates on how F5 mitigates Heartbleed
Does F5 need to update their SSL support implementation on the BigIP LTM to close the "Heartbleed" SSL security issue?
http://www.cnet.com/news/heartbleed-bug-undoes-web-encryption-reveals-user-passwords/
7 Replies
Victor_12567see here https://devcentral.f5.com/questions/openssl-and-heart-bleed-vuln
See below solution article.
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html
Cory_50405Noctilucent
It's due to v11.5 being packaged with a vulnerable OpenSSL version, whereas versions 11.4 and before were not.
Christopher_BooCirrostratus
Sorry. I deleted my first post after I realized I did in fact need another cup of coffee :D Thanks! Chris
- MegaZone
SIRT
The official AskF5 Solution is out: http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html See also: https://devcentral.f5.com/articles/openssl-heartbleed-cve-2014-0160 
ozesati_120213When is a hotfix expected to come out for vuln versions LTM 11.5 and 11.5.1?
Mahmoud_Eldeeb_Virtual servers using an SSL profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. In addition, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers.
