Forum Discussion
David_Holmes_9
Jun 06, 2014 (Historic F5 Account)
The threat surface is very similar to Heartbleed - only the management port (which uses openssl) and users of the COMPAT ciphers in the dataplane. In our most recent survey, less than 1% of customers use those.
Possible iRule for extra credit: Because the attack appears to involve the use of an additional ChangeCipherSpec (CCS) message within a handshake, one could conceivably write an iRule that looked for this and then discarded the connection. Look to the Heartbleed iRules as a template.
For a very detailed explanation of 0224, here is a post by Adam Langley from Google: https://www.imperialviolet.org/2014/06/05/earlyccs.html
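The detection idea in the post (spot a ChangeCipherSpec that arrives where no CCS belongs, and drop the connection) can be sketched outside of an iRule as a small record-level monitor. The example below is added here and is not part of the post nor F5's own iRule code; it parses TLS 1.x record headers and plaintext handshake messages from constructed byte strings, tracks per-direction state, and flags a CCS that is either a duplicate or appears before the ClientKeyExchange in a full handshake. Session resumption is the edge case it has to tolerate: an abbreviated handshake legitimately sends CCS right after ServerHello with no ClientKeyExchange at all, so a CCS is only treated as early once a ServerHelloDone has been seen. The `record`/`hs` helpers and the sample flows are constructed for the example; a real deployment would need the same logic hooked into the proxy's view of both directions of the TLS stream.

```python
"""Flag early or duplicate ChangeCipherSpec records in a TLS 1.x handshake.

Added example (not from the forum post or from F5): a record-level monitor that
implements the check the post suggests. Sample traffic below is constructed.
"""
import struct

CONTENT_CCS = 20
CONTENT_HANDSHAKE = 22
HS_CLIENT_HELLO = 1
HS_SERVER_HELLO = 2
HS_CERTIFICATE = 11
HS_SERVER_HELLO_DONE = 14
HS_CLIENT_KEY_EXCHANGE = 16


def parse_records(data: bytes):
    """Split a byte string into (content_type, payload) TLS records."""
    records, off = [], 0
    while off + 5 <= len(data):
        ctype, _version, length = struct.unpack("!BHH", data[off:off + 5])
        payload = data[off + 5:off + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record")
        records.append((ctype, payload))
        off += 5 + length
    return records


def handshake_types(payload: bytes):
    """Return the handshake message types packed into one plaintext record."""
    types, off = [], 0
    while off + 4 <= len(payload):
        htype = payload[off]
        hlen = int.from_bytes(payload[off + 1:off + 4], "big")
        types.append(htype)
        off += 4 + hlen
    return types


class CcsMonitor:
    """Per-connection state: who has sent what, and which direction is encrypted."""

    def __init__(self):
        self.ccs_count = {"client": 0, "server": 0}
        self.encrypted = {"client": False, "server": False}
        self.server_hello_done = False      # True => full (non-resumed) handshake
        self.client_key_exchange = False

    def feed(self, direction: str, data: bytes):
        """Consume one chunk sent by `direction`; return a list of alert strings."""
        alerts = []
        for ctype, payload in parse_records(data):
            if ctype == CONTENT_CCS:
                self.ccs_count[direction] += 1
                if self.ccs_count[direction] > 1:
                    alerts.append(f"{direction}: duplicate ChangeCipherSpec")
                elif self.server_hello_done and not self.client_key_exchange:
                    # Full handshake in progress, yet CCS arrives before the
                    # client's key exchange: the early-CCS pattern.
                    alerts.append(f"{direction}: ChangeCipherSpec before ClientKeyExchange")
                self.encrypted[direction] = True
            elif ctype == CONTENT_HANDSHAKE and not self.encrypted[direction]:
                # Only plaintext handshake records can be inspected; after a
                # CCS the Finished message is opaque to the monitor.
                for htype in handshake_types(payload):
                    if htype == HS_SERVER_HELLO_DONE:
                        self.server_hello_done = True
                    elif htype == HS_CLIENT_KEY_EXCHANGE:
                        self.client_key_exchange = True
        return alerts


def analyse(flow):
    """Run a whole flow [(direction, bytes), ...] through a fresh monitor."""
    monitor, alerts = CcsMonitor(), []
    for direction, chunk in flow:
        alerts.extend(monitor.feed(direction, chunk))
    return alerts


# --- constructed sample traffic (bodies are placeholders, not real TLS) ---
def record(ctype: int, payload: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload


def hs(htype: int, body: bytes = b"") -> bytes:
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


ENC_FINISHED = record(CONTENT_HANDSHAKE, b"\x00" * 16)  # stands in for an encrypted Finished

FULL_HANDSHAKE = [
    ("client", record(CONTENT_HANDSHAKE, hs(HS_CLIENT_HELLO))),
    ("server", record(CONTENT_HANDSHAKE, hs(HS_SERVER_HELLO) + hs(HS_CERTIFICATE) + hs(HS_SERVER_HELLO_DONE))),
    ("client", record(CONTENT_HANDSHAKE, hs(HS_CLIENT_KEY_EXCHANGE)) + record(CONTENT_CCS, b"\x01") + ENC_FINISHED),
    ("server", record(CONTENT_CCS, b"\x01") + ENC_FINISHED),
]

RESUMED_HANDSHAKE = [
    ("client", record(CONTENT_HANDSHAKE, hs(HS_CLIENT_HELLO))),
    ("server", record(CONTENT_HANDSHAKE, hs(HS_SERVER_HELLO)) + record(CONTENT_CCS, b"\x01") + ENC_FINISHED),
    ("client", record(CONTENT_CCS, b"\x01") + ENC_FINISHED),
]

EARLY_CCS_FLOW = [
    ("client", record(CONTENT_HANDSHAKE, hs(HS_CLIENT_HELLO))),
    ("server", record(CONTENT_HANDSHAKE, hs(HS_SERVER_HELLO) + hs(HS_CERTIFICATE) + hs(HS_SERVER_HELLO_DONE))),
    ("server", record(CONTENT_CCS, b"\x01")),   # CCS toward the client, before any key exchange
    ("client", record(CONTENT_CCS, b"\x01")),   # CCS toward the server, before any key exchange
    ("client", record(CONTENT_HANDSHAKE, hs(HS_CLIENT_KEY_EXCHANGE)) + record(CONTENT_CCS, b"\x01") + ENC_FINISHED),
]

if __name__ == "__main__":
    for name, flow in [("full", FULL_HANDSHAKE), ("resumed", RESUMED_HANDSHAKE), ("early-ccs", EARLY_CCS_FLOW)]:
        print(name, analyse(flow) or "clean")
```

The monitor needs both directions of the stream and only sees plaintext handshake messages, so it cannot tell what the client sent after the stray CCS; that is why the second CCS in the last flow is reported simply as a duplicate. Either alert is a sufficient reason to discard the connection, which is the action the post proposes.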