Bug ID 1234485

Bug Tracker
ID 1234485

Bug ID 1234485: Remove DB Variables support to control deprecated ciphers

Last Modified: Apr 28, 2025

Affected Product(s):
BIG-IP AFM(all modules)

Fixed In:
17.5.0

Opened: Feb 03, 2023

Severity: 4-Minor

Symptoms

Below 3 DB Variables were added to control particular ciphers only. sys db sshplugin.enable_3des_and_blowfish_ciphers { value "false" } sys db sshplugin.enable_dh_group14_sha1_kex_alg { value "false" } sys db sshplugin.enable_hmac_sha1_mac { value "false" }

Impact

Only three ciphers can be controlled with the three db variables but not all of them

Conditions

3 Db Variables should be configured to true/false to enable/disable ciphers

Workaround

None

Fix Information

Removed support for three DB variables: -- sshplugin.enable_3des_and_blowfish_ciphers -- sshplugin.enable_dh_group14_sha1_kex_alg -- sshplugin.enable_hmac_sha1_mac

Behavior Change

The following DB variables have been removed: sys db sshplugin.enable_3des_and_blowfish_ciphers { value "false" } sys db sshplugin.enable_dh_group14_sha1_kex_alg { value "false" } sys db sshplugin.enable_hmac_sha1_mac { value "false" }

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips