OpenSSL Security Advisory [05 Jun 2014]
Please see my article. CVE-2014-0224 is the worst vulnerability, but the article discusses all of them.
BIG-IP versions 11.5.0 and 11.5.1 contain OpenSSL 1.0.1 for the management GUI. These versions are vulnerable to CVE-2014-0224 only on the management interface. We'll be patching that soon. We'll be patching older releases which contain vulnerable client code over time.
BIG-IP 11.5.0 and 11.5.1 virtual servers doing TLS termination are not vulnerable. (Unless you are using COMPAT ciphers with 11.5.0 or 11.5.1. This is very rare.)
There are some tools that show virtual servers doing TLS termination as vulnerable. This is not correct for reasons that I hope I made clear in the article linked above.