Forum Discussion

Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Oct 07, 2013

Update openssl version separately???

Hi there, I'd like to ask you this time if there is any possibility to update the openssl version without updating the TMOS. Right now the affected boxes are running 10.1.0 HF2 with openssl 0.9.8e, b...
management
security
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Oct 14, 2013

This article should tell you all you need to know: http://support.f5.com/kb/en-us/solutions/public/13000/100/sol13187.html.

 

"The BIG-IP SSL profiles can use ciphers from two different SSL stacks; the NATIVE stack is built into TMM, and the COMPAT stack is based on the OpenSSL library. The NATIVE stack is an optimized SSL stack which the BIG-IP system can use to leverage hardware acceleration. F5 recommends that you use the NATIVE stack, as it is suitable for most SSL connections."

 

It looks like you can just use the NATIVE cipher string to avoid using OpenSSL.