Bug ID 1065085: MD5 cipher is allowed on RESTCONF port 8888 with FIPS-enabled license.

Last Modified: Dec 07, 2023

Affected Product(s):
F5OS Velos (all modules)

Fixed In:
F5OS-C 1.3.0, F5OS-A 1.1.0

Opened: Dec 01, 2021

Severity: 3-Major

Symptoms

When a FIPS-enabled license is installed on the system, some MD5 ciphers are allowed on RESTCONF port 8888, when they should not be allowed.

Impact

MD5 SSL ciphers continue to work on port 8888 on both the system controller and chassis partition management IP addresses.

Conditions

The command "openssl s_client -connect <mgmt-ip>:8888 -cipher MD5" returns a valid certificate.

Workaround

None

Fix Information

Removed MD5 SSLCipherSuites from ssl.conf when a FIPS-enabled license is installed on the system.
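
A static check for the condition this fix removes, as an added example (not F5 code, and not the contents of the F5OS ssl.conf): it flags SSLCipherSuite lines whose OpenSSL cipher string still enables MD5 suites explicitly. It assumes Apache mod_ssl directive syntax; the sample configuration and the names md5_tokens and audit are constructed for illustration.

```python
import re

# Constructed sample in Apache mod_ssl syntax; not the F5OS ssl.conf.
SAMPLE_CONF = """\
<VirtualHost *:8888>
    SSLEngine on
    SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:RC4-MD5:!aNULL
</VirtualHost>
<VirtualHost *:443>
    SSLCipherSuite HIGH:RSA+MD5:!aNULL:!MD5
</VirtualHost>
# SSLCipherSuite RC4-MD5
"""

DIRECTIVE = re.compile(r"^\s*SSLCipherSuite\s+(.+?)\s*$", re.I)


def md5_tokens(spec):
    """Return the cipher-string tokens that leave MD5 suites enabled.

    Only explicit MD5 references are checked. Aliases such as ALL or LOW
    depend on the OpenSSL build; expand those with `openssl ciphers -v`.
    """
    added, killed = [], set()
    for tok in re.split(r"[:, ]+", spec.strip().strip("\"'")):
        if not tok:
            continue
        op, name = (tok[0], tok[1:]) if tok[0] in "!-+" else ("", tok)
        name = name.upper()
        if op == "!":        # permanent removal, wherever it appears
            killed.add(name)
        elif op == "-":      # removal that a later token can undo
            added = [t for t in added if t != name and name != "MD5"]
        elif op == "" and "MD5" in re.split(r"[+\-_]", name):
            added.append(name)   # '+' prefix only reorders, so it is skipped
    if "MD5" in killed:
        return []
    return [t for t in added if t not in killed]


def audit(conf_text):
    """Return (line_number, tokens) for each active directive allowing MD5."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if m and (bad := md5_tokens(m.group(1))):
            findings.append((lineno, bad))
    return findings


if __name__ == "__main__":
    for lineno, bad in audit(SAMPLE_CONF):
        print(f"line {lineno}: MD5 suites enabled by {', '.join(bad)}")
```

A clean result here does not replace the handshake test under Conditions, which shows what the listener on port 8888 actually negotiates.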

Behavior Change
