F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

abhishekmadhu's avatar
abhishekmadhu
Icon for Nimbostratus rankNimbostratus
Jul 25, 2024

Individual OpenSSL Upgrade

We have a F5 LTM Virtual module, we need to mitigate the "CVE-2022-1292" and we can see that they suggest us to upgrade the Open SSL Version, Can someone let me know is it possible to upgrade the onl...
security
whisperer's avatar
whisperer
Icon for MVP rankMVP
Jul 25, 2024

Keep in mind that TMOS implements its own version of SSL, and you can see what ciphers are supported at https://my.f5.com/manage/s/article/K000136126. The OS implementation would generally only be used for the HTTPS GUI, so that is the only 'attack vector'. If you mitigate access to the HTTPS GUI to trusted networks, and dont expose it to the Internet, security dispensations are usually provided by audit/security teams.

That said, there is really no supported method of upgrading the OS version of OpenSSL without some 'hacking' and this may invalidate support. Generally, you want to upgrade the BIG-IP version of code and hence the underlying OpenSSL verison.