Bug ID 1120433: Removed gtmd and big3d daemon from the FIPS-compliant list

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:
17.0.0.1, 17.0.0, 16.1.3, 16.1.2.2

Fixed In:
17.1.0, 16.1.3.1

Opened: Jun 22, 2022

Severity: 1-Blocking

Symptoms

The gtmd is not able to establish a secure connection to big3d due to failure in handshake because no common ciphers were found between big3d and gtmd in FIPS mode.

Impact

SSL handshakes fail between big3d and gtmd because no common ciphers are present.

Conditions

-- BIG-IP versions 16.1.2.2 and above -- FIPS 140-3 license is installed on the BIG-IP or its a FullBoxFIPS device. -- Connections are established between big3d and gtmd in FIPS mode.

Workaround

None

Fix Information

Gtmd and big3d can now communicate when FIPS mode is enabled.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips