
Ticketbleed F5 bug undermines HTTPS - beaconfield
https://arstechnica.com/security/2017/02/newly-discovered-flaw-undermines-https-connections-for-almost-1000-sites/
======
jsnfwlr
Thankfully this is limited to a single (and seemingly small) company's
hardware, rather than the entire SSL/TLS stack. Glad it wasn't someone like
Cisco too ...

~~~
bsagdiyev
We had session tickets disabled already so weren't affected, but you'd be
surprised some of the sites that use these devices. I believe AT&T has quite a
number in use.

~~~
zonknz
At one time Azure was built on a whole bunch of F5s. Unsure if they are still
in the picture.

~~~
trome
F5 is just across the water from Microsoft, and there is a lot of cross-
pollination of employees between the two. Even if F5 wasn't the best choice, I
wouldn't be surprised if they were used just due to familiarity.

