OpenSSL vulnerability

Question

http://openssl.org/news/secadv_20101116.txt
&nbsp;Does anyone know, whether LTMs are affected?&nbsp;

nitass · Answer

All versions of OpenSSL supporting TLS extensions contain this vulnerability 
&nbsp; including OpenSSL 0.9.8f through 0.9.8o, 1.0.0, 1.0.0a releases &lt;---------- 
&nbsp;  
&nbsp; SOL9445: The BIG-IP third party software matrix  
&nbsp; https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9445.html?sr=11205917

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

l4l7_53191 · Answer

F5 will issue a formal response to these, along with an assessment. If the openssl on-box is vulnerable, it doesn't necessarily mean that the SSL offload capabilities are vulnerable. I'd open a support case and ask them for an assessment on this. Either way, F5 will provide hot fixes, etc. as needed. 
&nbsp;  
&nbsp; -Matt

Forum Discussion

OpenSSL vulnerability

Recent Discussions

XC Bot defense question

UCS backup not loading Big IP DNS pool

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

BIG-IP Oauth Client and AS

F5 BOT DEFENSE AWAF blocked some legitimate browsers

Related Content

June 2014 OpenSSL Vulnerabilities

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Building an OpenSSL Certificate Authority - Creating ECC Certificates

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS