OpenSSL and Heart Bleed Vuln

Get the latest updates on how F5 mitigates Heartbleed

 

 

Hi Team,

 

I know this question is eventually going to be asked - I may as well do it.

 

With the news today about the Heartbleed OpenSSL Vulnerability (http://heartbleed.com) I wanted to confirm if we are at any risk. All of my LTM V11 and V10 instances are running OpenSSL 0.9.8x which does not appear to be a vulnerable version of OpenSSL... Does the F5 hook into this when we Sign/Request SSL Certs? If so we're sitting pretty, right?

 

Thanks.

 

Updates based on feedback:

 

ul

 

Update 2: F5 have published a security advisory on this issue - http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html