Bug ID 1006845: Modifying the default clientssl profile to use a cipher group causes configuration load to fail

Last Modified: Jun 30, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1

Opened: Mar 26, 2021
Severity: 3-Major

Symptoms

Modifying the default client SSL profile to use a cipher group causes config load to fail with an error similar to: load_config_files: "/usr/bin/tmsh -n -g load sys config partitions all " - failed. -- Loading schema version: 13.1.3.4 Loading schema version: 13.1.3.6 01070311:3: Ciphers list 'ALL:!DH:!ADH:!EDH:@SPEED' for profile /Common/clientssl-insecure-compatible denies all clients Unexpected Error: Loading configuration process failed.

Impact

Unable to load the configuration.

Conditions

-- The default client SSL profile has been modified to use a cipher group. -- Loading the configuration.

Workaround

Create a new client SSL profile that inherits from the default profile, and modify it to use the cipher group instead. Then use it as a base profile for other client SSL profiles.

Fix Information

None

Behavior Change