Forum Discussion

Cirrocumulus

Nov 05, 2009

SSL Vulnerability

Does anyone know if F5's with SSL Offload are vulnerable to the plain text insertion vulnerability that's been reported today? Details are vague (As you'd expect) but IIUC it may be on...

config

design

Hamish

Cirrocumulus

Nov 05, 2009

Hi Aaron.

The IETF mailing list link is http://www.ietf.org/mail-archive/web/tls/current/msg03942.html 'el reg' has the article I first saw at http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/ and then the more in-depth info is at http://extendedsubset.com/?p=8

I'm still reading the paper he wrote to discover exactly how bad the vulnerability is. But it's not actually limited to just client auth certificate negotiation apparently.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL Vulnerability

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Breaking Down the Quantum Challenge: TLS Cipher Suite Vulnerabilities and FIPS Post-Quantum Standards Explained

The DROWN Attack: Another SSL Vulnerability

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS