Bug ID 1292493: Enforcement of non-approved algorithms in FIPS or Common Criteria mode.

Last Modified: Feb 28, 2025

Affected Product(s):
BIG-IP AFM, APM, LTM, TMOS(all modules)

Fixed In:
17.5.0, 17.1.2, 16.1.5

Opened: Apr 24, 2023

Severity: 4-Minor

Symptoms

FIPS and Common Criteria require that only FIPS-approved algorithms be used for keys.

Impact

OpenSSH accepts non-approved algorithms in FIPS or Common Criteria mode.

Conditions

OpenSSH used in FIPS or Common Criteria mode.

Workaround

None

Fix Information

The allowed cipher list is changed to allow only FIPS-Approved algorithms.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips