For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

squip_86995's avatar
squip_86995
Icon for Nimbostratus rankNimbostratus
Apr 07, 2014

OpenSSL and Heart Bleed Vuln

Get the latest updates on how F5 mitigates Heartbleed     Hi Team,   I know this question is eventually going to be asked - I may as well do it.   With the news today about the Heartblee...
https
management
security
ssl
tls
TMOS
Simon_Waters_13's avatar
Simon_Waters_13
Icon for Cirrostratus rankCirrostratus
Apr 08, 2014

Okay still struggling to get my head around this.

 

We use 11.4.2 HF2.

 

We get connections using TLS 1.2 (and some old) using a bespoke set of ciphers including "NATIVE"

 

I assume the TLS 1.2 connection must be using the NATIVE code, but that we may fall back to older ciphers, and that since the SSL library mod_ssl.so depends on is libssl.so.0.9.8 (readelf -d mod_ssl.so) then this F5 pair are not affected, but that people with 11.5 may be. And I nearly upgraded BECAUSE of the better SSL cipher support in 11.5......