POODLE Vulnerability Affects TLS 1.0, TLS 1.1

POODLE Vulnerability Affects TLS 1.0, TLS 1.1

Poodle v2

It has been recently discovered that the POODLE vulnerability affects more than simply SSL 3.0. Improper checking of TLS “padding” means that the vulnerability may also be used to exploit TLS 1.0 and TLS 1.1.
This vulnerability was found in sites using load balancers from two manufacturers, F5 and A10. These manufacturers have already released patches for their products which can be found in the links provided below. 
This vulnerability does NOT affect your SSL certificate. There is no need to re-issue, or revoke and certificates as your private key has not been compromised

What should I do?

1. Check if your server is vulnerable by using the Qualys SSL Labs SSL Server test.
2. Apply the patch provided by your vendor. F5's are here; A10's are here. We'll add other affected vendors as they are announced.
Note: This vulnerability does not affect the SSL Certificates themselves. There is no need to resissue, renew, or reinstall any certificates at this time.
Affected Version
F5

Product Versions known to be vulnerable Versions known to be not vulnerable Vulnerable component or feature
BIG-IP LTM 11.0.0 - 11.5.1
10.0.0 - 10.2.4
11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP AAM 11.4.0 - 11.5.1 11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
SSL profiles
BIG-IP AFM 11.3.0 - 11.5.1 11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
SSL profiles
BIG-IP Analytics 11.0.0 - 11.5.1 11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
SSL profiles
BIG-IP APM 11.0.0 - 11.5.1
10.1.0 - 10.2.4
11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP ASM 11.0.0 - 11.5.1
10.0.0 - 10.2.4
11.6.0
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP Edge Gateway 11.0.0 - 11.3.0
10.1.0 - 10.2.4
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP GTM* None 11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP Link Controller* None 11.0.0 - 11.6.0
10.0.0 - 10.2.4
None
BIG-IP PEM 11.3.0 - 11.6.0 11.6.0 HF3
11.5.1 HF6
11.5.0 HF6
11.4.1 HF6
11.4.0 HF9
SSL profiles
BIG-IP PSM 11.0.0 - 11.4.1
10.0.0 - 10.2.4
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP WebAccelerator 11.0.0 - 11.3.0
10.0.0 - 10.2.4
11.2.1 HF13
10.2.4 HF10
SSL profiles
BIG-IP WOM 11.0.0 - 11.3.0
10.0.0 - 10.2.4
11.4.1 HF6
11.4.0 HF9
11.2.1 HF13
10.2.4 HF10
SSL profiles
ARX None 6.0.0 - 6.4.0 None
Enterprise Manager* None 3.0.0 - 3.1.1
2.1.0 - 2.3.0
None
FirePass None 7.0.0
6.0.0 - 6.1.0
None
BIG-IQ Cloud 4.0.0 - 4.4.0 None REST API
BIG-IQ Device 4.2.0 - 4.4.0 None REST API
BIG-IQ Security 4.0.0 - 4.4.0 None REST API
LineRate None 2.2.0 - 2.5.0
1.6.0 - 1.6.4
None

*The noted products contain vulnerable code but do not expose SSL profiles and are therefore not vulnerable.

Source: 
https://support.f5.com/kb/en-us/solutions/public/15000/800/sol15882.html

A10

A10 has yet to release a patch of affected hardware. This site will be updated as soon as that information is available.

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Please click the button below to log in or sign up.

Log In - Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.