Bug ID 1006845: Modifying the default clientssl profile to use a cipher group causes configuration load to fail

Last Modified: Mar 01, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Opened: Mar 26, 2021

Severity: 3-Major

Symptoms

Modifying the default client SSL profile to use a cipher group causes config load to fail with an error similar to: load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all " - failed. -- Loading schema version: 13.1.3.4 Loading schema version: 13.1.3.6 01070311:3: Ciphers list 'ALL:!DH:!ADH:!EDH:@SPEED' for profile /Common/clientssl-insecure-compatible denies all clients Unexpected Error: Loading configuration process failed.

Impact

Unable to load the configuration.

Conditions

-- The default client SSL profile has been modified to use a cipher group. -- Loading the configuration.

Workaround

Create a new client SSL profile that inherits from the default profile, and modify it to use the cipher group instead. Then use it as a base profile for other client SSL profiles.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips