OpenSSL HeartBleed, CVE-2014-0160

Get the latest updates on how F5 mitigates HeartbleedGet the latest updates on how F5 mitigates Heartbleed The Heartbleed attack in OpenSSL 1.0.1 and beyond allows an attacker to get up to 64k of ...

Published Apr 09, 2014

Version 1.0

application delivery

Jeff_Costlow_10

Historic F5 Account

Joined January 26, 2005

Jeff_Costlow_10

Historic F5 Account

Joined January 26, 2005

opediggitty_692

Icon for Nimbostratus rank

Nimbostratus

Apr 11, 2014

When you say

"However, if you are not using the SSL termination capabilities of the BIG-IP, then the attack will pass directly through the BIG-IP and to the webservers. You may be vulnerable depending on the webservers you use."

Are you talking about anyone that is not using the built-in ssl profiles at all (meaning they are not even using a VIP), or do you mean anyone that is using the ssl profiles but simply does not terminate it there and reencrypts the traffic to then send on to the destination server?