Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.0
Fixed In:
16.0.0, 15.1.0.1
Opened: Dec 16, 2019 Severity: 3-Major
After configuring a clientssl-quic profile, you get a validation error: 01b40001:3: A cipher group must be configured when TLS 1.3 is enabled (validation failed for profile /Common/clientssl-f5quic-udp).
You are unable to configure a clientssl profile to work with HTTP/3 + QUIC that is also customized to serve the right certificate, etc.
This can occur when using the clientssl-quic built-in profile to build a profile that can serve HTTP/3 over QUIC.
Modify the clientssl-quic profile to have the following properties: cipher-group quic ciphers none This requires the following additional config objects: ltm cipher group quic { allow { quic { } } } ltm cipher rule quic { cipher TLS13-AES128-GCM-SHA256,TLS13-AES256-GCM-SHA384 description "Ciphers usable by QUIC" }
Update the built-in configuration to pass validation.