Bug ID 1065085: MD5 cipher is allowed on RESTCONF port 8888 with FIPS-enabled license.

Last Modified: Dec 07, 2023

Affected Product(s):
F5OS Velos(all modules)

Fixed In:
F5OS-C 1.3.0, F5OS-A 1.1.0

Opened: Dec 01, 2021

Severity: 3-Major


When a FIPS-enabled license is installed on the system, some MD5 ciphers are allowed on RESTCONF port 8888, when they should not be allowed.


MD5 SSLCipher continues to work on port 8888 on both system controller and chassis partition management IP addresses.


The command "openssl s_client -connect <mgmt-ip>:8888 -cipher MD5" returns a valid certificate.



Fix Information

Removed MD5 SSLCipherSuites from ssl.conf when a FIPS-enabled license is installed on the system.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips