Bug ID 1041225: Missing SHA-384 cipher suites in outgoing LDAP TLS ClientHello

Last Modified: Sep 14, 2021


Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1

Opened: Aug 17, 2021
Severity: 2-Critical

Symptoms

BIG-IP does not include SHA-384 cipher suites in the cipher list it advertises in the ClientHello when it initiates LDAP/TLS with a pool member (in the case of a monitor).
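
To confirm the symptom from a packet capture, the check below parses one TLS ClientHello record and reports which SHA-384 cipher suites it offers. It is an added example, not F5 code: the function names are illustrative, the suite table is a subset of the IANA registry, and the sample records are constructed rather than captured from a BIG-IP.

```python
# Added example; function names are illustrative, not from any F5 tool.
# Subset of IANA-registered cipher suites that use SHA-384 (not exhaustive).
SHA384_SUITES = {
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x1302: "TLS_AES_256_GCM_SHA384",
}

def client_hello_suites(record):
    """Return the cipher suite IDs offered in a single TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:        # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 39 or body[0] != 0x01:           # 0x01 = ClientHello
        raise ValueError("truncated record or not a ClientHello")
    pos = 4 + 2 + 32            # handshake header, client_version, random
    pos += 1 + body[pos]        # skip session_id
    if pos + 2 > len(body):
        raise ValueError("truncated before cipher_suites")
    n = int.from_bytes(body[pos:pos + 2], "big")
    raw = body[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def offered_sha384(record):
    """Names of the known SHA-384 suites present in the ClientHello."""
    return [SHA384_SUITES[s] for s in client_hello_suites(record) if s in SHA384_SUITES]

def build_hello(suites):
    """Constructed sample: minimal TLS 1.2 ClientHello record, no extensions."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    # Constructed inputs: one hello without SHA-384 suites, one with.
    for suites in ([0xC02F, 0xC027, 0x009C, 0x003C, 0x002F], [0xC030, 0xC02F, 0x009D]):
        names = offered_sha384(build_hello(suites))
        print(names or "no SHA-384 suites offered")
```

An empty result for the ClientHello sent toward the LDAP pool member matches the symptom described here.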

Impact

Servers requiring SHA-384 for LDAP/TLS authentication will not be able to authenticate.

Conditions

You have LDAP servers that support only SHA-384 ciphers for LDAP/TLS authentication.

Workaround

None

Fix Information

None

Behavior Change