OpenSSL workaround and fix?

Question

There is no SSL work around given for the June 5th OpenSSL bugs for client connections.&nbsp;
We use a layered virtual server for sending requests to a remote box over TLS.&nbsp;
I assume this is vulnerable?
(although it may depend on the other end, which it believe is IIS, so not OpenSSL, which eliminates some of the issues).&nbsp;
Is there any mitigation I should/can implement?
Any expected date for a release of 11.5.1 fix for OpenSSL.&nbsp;
http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15325.html&nbsp;

what_lies_bene1 · Answer

If you are NOT using COMPAT ciphers in your SSL profiles, likely only your management interface is vulnerable. Where your real servers are concerned, I'm not sure but I'd suggest you check; OpenSSL is hidden inside many, many products.

Forum Discussion

OpenSSL workaround and fix?

1 Reply

Recent Discussions

google-visualization-issues

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Related Content

FIX Message Response

Building an OpenSSL Certificate Authority - Creating Your Root Certificate

OpenSSL CVE-2022-3786 and CVE-2022-3602 or "The Critical that wasn't"

Building an OpenSSL Certificate Authority - Configuring CRL and OCSP

Building an OpenSSL Certificate Authority - Creating ECC Certificates