Short after the openssl Heartbleed vurnearability was publiced Cisco announced that Cisco ASA was NOT affected by Heartbleed because it runs an older version of OpenSSL.
But w000t? From now on Cisco ASA runs OpenSSL v1.0.1e (which IS affected by Heartbleed)! What´s happening. Cisco?
Edit. I posted this and sent the URL to one of my contacts at Cisco. Less than 2 hours later Cisco added a note to the Release Notes:
So. Cisco did NOT add heartbleed as a new feature in ASA v9.2. My guess is that they upgraded to 1.0.1e in a beta of 9.2 and before got aware of Heartbleed just days before releasing 9.2. And instead of upgrading OpenSSL to 1.0.1g they disabled SSL heartbeat.
So what I found was probably a bug in the documentation. 🙂