Forum Discussion

Cumulonimbus

Oct 07, 2013

Update openssl version separately???

Hi there, I'd like to ask you this time if there is any possibility to update the openssl version without updating the TMOS. Right now the affected boxes are running 10.1.0 HF2 with openssl 0.9.8e, b...

management

security

What_Lies_Bene1

Cirrostratus

Oct 10, 2013

Well, it doesn't fix OpenSSL, but it avoids it and thus mitigates the risk. The cipher string to use to avoid using compat ciphers (and thus OpenSSL) for your version would be:

!SSLv2:ALL:!DH:!ADH:!EDH:!MD5:!EXPORT:!DES:@SPEED

Note when you move to v10.2 or later, you no longer need to do this, the default ciphers only include native ciphers.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Update openssl version separately???

Recent Discussions

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

dynamic signature detection

DNS HM Probe issue

F5 looses the token for the first call

Related Content

Log separation by event

OpenSSL CVE-2022-3786 and CVE-2022-3602 or "The Critical that wasn't"

https and separate port VS

Separating False Positives from Legitimate Violations

OpenSSL HeartBleed, CVE-2014-0160

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS