Bug ID 1065085: MD5 cipher is allowed on RESTCONF port 8888 with FIPS enabled license

Last Modified: Jan 06, 2022

Affected Product:
F5OS Velos (all modules)

Fixed In:
1.3.0

Opened: Dec 01, 2021
Severity: 3-Major

Symptoms

When the system is installed with a FIPS-enabled license, some MD5 ciphers are still allowed on RESTCONF port 8888, although they are supposed to be disallowed.

Impact

MD5 SSL ciphers continue to work on port 8888 on both the system controller and partition mgmt-ips.

Conditions

The command "openssl s_client -connect <mgmt-ip>:8888 -cipher MD5" returns a valid certificate.

Workaround

None

Fix Information

Removed MD5 SSLCipherSuites from ssl.conf when a FIPS-enabled license is installed on the system.
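
An added example, not part of the F5 bug record: a shell helper that interprets the output of the command under Conditions, so the check can be repeated after upgrading to a fixed release. The function names and the sample output excerpts are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not F5 code). Classifies `openssl s_client` output for the
# MD5 check in the Conditions section. Reads s_client output on stdin, prints:
#   ALLOWED <cipher>  an MD5 suite was negotiated (bug present)
#   REJECTED          handshake failed, no cipher negotiated (expected once fixed)
#   OTHER <cipher>    a non-MD5 suite was negotiated, e.g. TLS 1.3, which
#                     -cipher does not constrain; says nothing about MD5
#   UNKNOWN           no "Cipher is" line (connect error, or the local openssl
#                     build has no MD5 suites to offer)
classify_handshake() {
    local cipher
    cipher=$(sed -n 's/^New, .*, Cipher is \(.*\)$/\1/p' | head -n 1)
    case "$cipher" in
        "")       echo "UNKNOWN" ;;
        "(NONE)") echo "REJECTED" ;;
        *MD5*)    echo "ALLOWED $cipher" ;;
        *)        echo "OTHER $cipher" ;;
    esac
}

# Runs the command from the Conditions section against one management IP.
check_mgmt_ip() {
    local ip=$1
    openssl s_client -connect "${ip}:8888" -cipher MD5 </dev/null 2>/dev/null \
        | classify_handshake
}

# Constructed s_client excerpts (not captured from a real system).
SAMPLE_VULNERABLE='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is RC4-MD5
    Cipher    : RC4-MD5'
SAMPLE_FIXED='CONNECTED(00000003)
New, (NONE), Cipher is (NONE)'
SAMPLE_TLS13='CONNECTED(00000003)
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384'

# Usage against systems you administer: check_mgmt_ip <mgmt-ip>
# Run it for both the system controller and partition management IPs.
```

An `UNKNOWN` or `OTHER` result is inconclusive rather than a pass: repeat the check from a client whose OpenSSL build still offers MD5 suites.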

Behavior Change