For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Simon_Waters_13's avatar
Simon_Waters_13
Icon for Cirrostratus rankCirrostratus
Jun 10, 2014

OpenSSL workaround and fix?

There is no SSL work around given for the June 5th OpenSSL bugs for client connections.

 

We use a layered virtual server for sending requests to a remote box over TLS.

 

I assume this is vulnerable? (although it may depend on the other end, which it believe is IIS, so not OpenSSL, which eliminates some of the issues).

 

Is there any mitigation I should/can implement? Any expected date for a release of 11.5.1 fix for OpenSSL.

 

http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
LTM
management
security

1 Reply

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Jun 10, 2014

    If you are NOT using COMPAT ciphers in your SSL profiles, likely only your management interface is vulnerable. Where your real servers are concerned, I'm not sure but I'd suggest you check; OpenSSL is hidden inside many, many products.