Ticketbleed F5 bug undermines HTTPS (opens in new tab)

(arstechnica.com)

19 pointsbeaconfield9y ago6 comments

6 comments

Thankfully this is limited to a single (and seemingly small) company's hardware, rather than the entire SSL/TLS stack. Glad it wasn't someone like Cisco too ...

synicalx9y ago

I wouldn't say F5 is small, in fact for load balancing (or whatever the kids call that these days) they're over 50% of the market apparently - https://f5.com/about-us/news/twists/f5-gains-adc-market-shar...

bsagdiyev9y ago

We had session tickets disabled already so weren't affected, but you'd be surprised some of the sites that use these devices. I believe AT&T has quite a number in use.

zonknz9y ago

At one time Azure was built on a whole bunch of F5s. Unsure if they are still in the picture.

1 more reply

meowface9y ago

True, but F5 is still extremely popular with medium and large companies.

j / k navigate · click thread line to collapse