For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chip_Anderson's avatar
Chip_Anderson
Icon for Nimbostratus rankNimbostratus
Apr 08, 2014

Heartbleed SSL Bug - Does that need a fix from F5?

Get the latest updates on how F5 mitigates Heartbleed   Does F5 need to update their SSL support implementation on the BigIP LTM to close the "Heartbleed" SSL security issue?   http://www.cnet.c...
application delivery
LTM
management
security
ssl
Mahmoud_Eldeeb_'s avatar
Mahmoud_Eldeeb_
Icon for Cirrostratus rankCirrostratus
Apr 13, 2014

Virtual servers using an SSL profile configured with the default Native SSL ciphers are not vulnerable. Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1. In addition, virtual servers that do not use SSL profiles and pass SSL traffic to the back-end web servers will not protect the back-end resource servers.