Bug ID 811333: Upgrade fails when SSLv2 cipher is in the cipher list of an SSL profile

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP Install/Upgrade, LTM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 15.0.0

Fixed In:
15.1.0, 15.0.1, 14.1.2

Opened: Jul 31, 2019

Severity: 3-Major

Symptoms

After upgrade, configuration load fails and the following error is present in the /var/log/ltm log:

01070312:3: Invalid keyword 'sslv2' in ciphers list for profile /Common/serverssl-insecure-compatible
Unexpected Error: Loading configuration process failed.

Impact

The config is not loaded, and upgrade fails.

Conditions

-- BIG-IP system with SSLv2 as ciphers option in SSL profile running software v12.x/v13.x.
-- Upgrading to a version that reports an error when using SSLv2, such as v14.x/v15.x.

Workaround

If you are encountering this after upgrading, run the following commands from the bash prompt:

1. Back up the configuration:
   # cp /config/bigip.conf /config/bigip_backup.conf
2. List the occurrences of 'sslv2' in bigip.conf:
   # grep -i sslv2 /config/bigip.conf
3. Remove the SSLv2 references:
   # sed -i "s/\!SSLv2://g" /config/bigip.conf
4. Check to ensure there are no 'sslv2' references:
   # grep -i sslv2 /config/bigip.conf
5. Verify the configuration:
   # tmsh load sys config verify
6. Try loading the configuration:
   # tmsh load sys config
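
The following audit script is an added example, not F5 code. It lists the SSL profiles whose ciphers value mentions sslv2, and counts the lines the step 3 substitution would leave behind, for instance when !SSLv2 is the last entry and has no trailing colon, which is what step 4 is there to catch. The function names are hypothetical, the sample configuration is constructed, and the stanza layout (ltm profile client-ssl or server-ssl, one ciphers line per profile) is an assumption about bigip.conf.

```shell
#!/bin/bash
# Added example: audit for the 'sslv2' cipher keyword in a bigip.conf copy.

# find_sslv2_profiles FILE
# Print "<profile><TAB><ciphers>" for every client-ssl/server-ssl profile
# whose ciphers value mentions sslv2 in any letter case.
find_sslv2_profiles() {
    awk '
        /^ltm profile (client|server)-ssl / { name = $4; next }
        /^[}]/ { name = "" }                 # top-level brace ends the stanza
        name != "" && $1 == "ciphers" {
            val = $0; sub(/^[ \t]*ciphers[ \t]+/, "", val)
            if (tolower(val) ~ /sslv2/) printf "%s\t%s\n", name, val
        }' "$1"
}

# remaining_after_workaround FILE
# Stream FILE through the step 3 substitution (FILE itself is not modified)
# and print how many lines would still mention sslv2 afterwards.
remaining_after_workaround() {
    sed 's/!SSLv2://g' "$1" | grep -ci sslv2 || true
}

# write_sample FILE: constructed configuration, not taken from a real system.
write_sample() {
    cat > "$1" <<'EOF'
ltm profile server-ssl /Common/serverssl-insecure-compatible {
    ciphers ALL:!ADH:!SSLv2:@SPEED
}
ltm profile client-ssl /Common/legacy-clientssl {
    cert-key-chain {
        default {
            cert /Common/default.crt
        }
    }
    ciphers DEFAULT:!SSLv2
}
ltm profile client-ssl /Common/modern-clientssl {
    ciphers ECDHE+AES-GCM
}
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_sslv2_profiles "$sample"
echo "lines still matching after step 3: $(remaining_after_workaround "$sample")"
rm -f "$sample"
```

Run against a copy of /config/bigip.conf before upgrading, a non-empty profile list identifies the profiles to edit while the running version still loads its configuration.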

Fix Information

SSLv2 validation is removed from the configuration and upgrade succeeds.

Behavior Change
