Last Modified: Jul 12, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4
Fixed In:
14.0.0, 13.1.3.5
Opened: Sep 05, 2017 Severity: 3-Major
Changes to a cipher group, even indirect changes such as changing an underlying cipher rule, will not be propagated to the SSL profiles until the configuration is reloaded.
The available ciphers on an SSL profile might not be as expected.
-- An SSL profile is using cipher groups (instead of the cipher string). -- Some changes are made to that group.
You can use either of the following workarounds: -- Always reload the configuration after changing a cipher group. -- Use the existing cipher string mechanism instead.
With this change, changes to a cipher group are correctly propagated to the SSL profiles, so no configuration reload is required.