Last Modified: Nov 02, 2023
BIG-IP Install/Upgrade, TMOS
Known Affected Versions:
17.1.0, 126.96.36.199, 188.8.131.52, 184.108.40.206, 17.1.1
Opened: Jun 07, 2023 Severity: 2-Critical
Starting from 16.0.0, given DTLSv1.2 support, "no-dtlsv1.2" option is newly available on SSL profile. Default value is "no-dtlsv1.2" option enabled. While upgrading from older version to 16.0.0 or later, by default "no-dtlsv1.2" option is to be automatically enabled with following notification message. > bigip1 warning mcpd[XXXX]: 0107185a:4: Warning generated, for version 16.0.0 or greater : /Common/[SSL-profile-name], default option no-dtlsv1.2 set. However, when user directly upgrades from v14.x/v15.x to v17.1.0, "no-dtlsv1.2" option may not be automatically enabled on SSL profile.
After upgrade to 17.1.0, "no-dtlsv1.2" option may not be enabled on SSL profile.
- roll-forward upgrade from v14.x/v15.x to v17.1.0. upgrade from v16.x to v17.1.0 is not affected. - custom client|server-ssl profile configured on pre-upgrade version v14.x/v15.x
After upgrade to 17.1.0, manually enable "no-dtlsv1.2" option.