Forum Discussion

czacek

Nimbostratus

Jun 05, 2014

OpenSSL Security Advisory [05 Jun 2014]

How does today's OpenSSL news relate to our F5s? http://www.openssl.org/news/secadv_20140605.txt

openssl

security

Frank_30530

Altocumulus

Jun 11, 2014

I have read SOL15325. It states that:

All BIG-IP versions contain vulnerable client side code.
Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1.

It is unclear to me if server side (SSLserver profile) sessions using the NATIVE cipher suite are vulnerable or not? I.e., what exactly is 'client side code'? Does 'client' refer to the 'client side' on the BIG-IP or does 'client side' refer to the OpenSSL client code?

It is unclear to me if a NATIVE cipher suite SSL server side connection (i.e., a VS with a serverssl profile) uses OpenSSL (might be vulnerable) or the hardware accelerator chips (not vulnerable).

F5 please clarify?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

OpenSSL Security Advisory [05 Jun 2014]

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

How To Read An F5 Security Advisory

Security Advisory Status

OpenSSL CVE-2022-3786 and CVE-2022-3602 or "The Critical that wasn't"

Easter Egg: BIG-IP Advisory Banner

F5 Security Podcasts

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS