OpenSSL vulnerability

Question

http://openssl.org/news/secadv_20101116.txt
&nbsp;Does anyone know, whether LTMs are affected?&nbsp;

nitass · Answer

All versions of OpenSSL supporting TLS extensions contain this vulnerability 
&nbsp; including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases &lt;---------- 
&nbsp;  
&nbsp; SOL9445: The BIG-IP third party software matrix  
&nbsp; https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9445.html?sr=11205917

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

Forum Discussion

OpenSSL vulnerability

3 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Not seeing the latest F5OS-A when running Journeys

Related Content

June 2014 OpenSSL Vulnerabilities

CNSA 2.0 Implementation Guide with OpenSSL: How to Build a Quantum-Resistant Certificate Authority

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS