Forum Discussion
abhishekmadhu
Nimbostratus
NimbostratusIndividual OpenSSL Upgrade
We have a F5 LTM Virtual module, we need to mitigate the "CVE-2022-1292" and we can see that they suggest us to upgrade the Open SSL Version, Can someone let me know is it possible to upgrade the onl...
whisperer
MVP
MVPKeep in mind that TMOS implements its own version of SSL, and you can see what ciphers are supported at https://my.f5.com/manage/s/article/K000136126. The OS implementation would generally only be used for the HTTPS GUI, so that is the only 'attack vector'. If you mitigate access to the HTTPS GUI to trusted networks, and dont expose it to the Internet, security dispensations are usually provided by audit/security teams.
That said, there is really no supported method of upgrading the OS version of OpenSSL without some 'hacking' and this may invalidate support. Generally, you want to upgrade the BIG-IP version of code and hence the underlying OpenSSL verison.