Ticketbleed F5 bug undermines HTTPS
arstechnica.comThankfully this is limited to a single (and seemingly small) company's hardware, rather than the entire SSL/TLS stack. Glad it wasn't someone like Cisco too ...
I wouldn't say F5 is small, in fact for load balancing (or whatever the kids call that these days) they're over 50% of the market apparently - https://f5.com/about-us/news/twists/f5-gains-adc-market-shar...
We had session tickets disabled already so weren't affected, but you'd be surprised some of the sites that use these devices. I believe AT&T has quite a number in use.
At one time Azure was built on a whole bunch of F5s. Unsure if they are still in the picture.
F5 is just across the water from Microsoft, and there is a lot of cross-pollination of employees between the two. Even if F5 wasn't the best choice, I wouldn't be surprised if they were used just due to familiarity.
True, but F5 is still extremely popular with medium and large companies.