Forum Discussion
Frank_30530 (Altocumulus)
Jun 11, 2014
I have read SOL15325. It states that:
- All BIG-IP versions contain vulnerable client side code.
- Only virtual servers using an SSL profile configured to use ciphers from the COMPAT SSL stack are vulnerable in BIG-IP 11.5.0 and 11.5.1.
It is unclear to me if server side (SSLserver profile) sessions using the NATIVE cipher suite are vulnerable or not. I.e., what exactly is 'client side code'? Does 'client' refer to the 'client side' on the BIG-IP or does 'client side' refer to the OpenSSL client code?
It is unclear to me if a NATIVE cipher suite SSL server side connection (i.e., a VS with a serverssl profile) uses OpenSSL (might be vulnerable) or the hardware accelerator chips (not vulnerable).
F5, please clarify.