Forum Discussion

Cirrocumulus

16 years ago

SSL Vulnerability

Does anyone know if F5's with SSL Offload are vulnerable to the plain text insertion vulnerability that's been reported today? Details are vague (As you'd expect) but IIUC it may be on...

config

design

Hamish

Cirrocumulus

16 years ago

Hi Aaron.

The IETF mailing list link is http://www.ietf.org/mail-archive/web/tls/current/msg03942.html 'el reg' has the article I first saw at http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/ and then the more in-depth info is at http://extendedsubset.com/?p=8

I'm still reading the paper he wrote to discover exactly how bad the vulnerability is. But it's not actually limited to just client auth certificate negotiation apparently.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

SSL Vulnerability

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

HSL - Local TimeZone - in syslog server

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

The DROWN Attack: Another SSL Vulnerability

Coordinated Vulnerability Disclosure: A Balanced Approach

ImageTragick - ImageMagick Remote Code Execution Vulnerability

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS