OpenSSL and management console

Question

I am running 11.4.1 HF8.  The management console is still using OpenSSL 0.9.8y, which our internal security scanner doesn't like.  Is there a patch that I missed, or is that the current supported version?  I can always argue that it's internal and can therefore ignore the vulnerability, but I'd like to make it go away if I can.&nbsp;
Thanks for any help.&nbsp;

kharsma_176894 · Answer

I believe hat is the current standard for 11.4.x code, starting in the 11.5.x code they updated OpenSSL to OpenSSL 1.0.1e-fips. What vulnerabilities are you getting from your scan? Also, F5 only uses the OpenSSL (COMPAT) stack on the management port, and https monitors(I'm not 100% on this), unless you've changed your cipher-text on the SSL profiles from 'DEFAULT'.

scogran · Answer

Ya, the virtual servers are fine. No issues there. This only affects the management console. It shows up as "multiple openSSL vulnerabilities" as 0.9.8.y is 2 years old and 0.9.8.za fixed a lot of stuff last year. Once we finish removing SSLv3 from our environment, I can upgrade to 11.5 or 11.6, which appears to use a newer version.

Forum Discussion

OpenSSL and management console

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Introducing F5 WAF for NGINX with Intuitive GUI in NGINX One Console and NGINX Instance Manager

Streamlining Certificate Management in F5 Distributed Cloud: From Console Clicks to CLI Efficiency

Automating Certificate Management on F5 BIG-IP

CNSA 2.0 Implementation Guide with OpenSSL: How to Build a Quantum-Resistant Certificate Authority

F5 NGINX One Console June Features

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS