Forum Discussion
squip_86995
Nimbostratus
NimbostratusOpenSSL and Heart Bleed Vuln
Get the latest updates on how F5 mitigates Heartbleed
Hi Team,
I know this question is eventually going to be asked - I may as well do it.
With the news today about the Heartblee...
It's quite possible to work this out logically: Ref: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13163.html
-
There are ciphers which exist in Native but not in Compat.
-
YOu can specify "NATIVE:COMPAT" as a cipher string
-
Therefore, the stack used depends on which cipher is in use, with the natural preference being for NATIVE.
Tested this just now on 11.2.1 using "NATIVE:COMPAT" as my cipher string on ssl profile. I can connect just fine using ciphers that are only present in NATIVE, and I can do the same using ciphers only present in COMPAT list. So that should confirm that the stack used is decided on a per-connection basis.