Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0
Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4 HF2
Opened: Nov 14, 2014 Severity: 2-Critical Related Article:
K17491
This is due to using older versions of httpd (which includes mod_ssl ...). Newer versions of httpd as of 2.2.15-39 include the necessary support for TLSv1.1 and TLSv1.2.
No support is provided for TLSv1.1 and TLSv1.2.
Any older versions of httpd which are not upgraded to 2.2.15-39 or selectively patched for the mod_ssl component will not be able to provide support for TLSv1.1 and TLSv1.2. Note that in older releases, there is a dependency on openssl 1.0.1 for a backport of the mod_ssl changes to actually support TLSv1.1 and TLSv1.2.
Upgrade to one of the following: 12.0.0-hf1 - includes changes to mod_ssl 12.1.0 - includes update to httpd 2.2.15-39
Upgrade to httpd 2.2.15-39 (from el6.6) provides the needed changes to mod_ssl to support TLSv1.1 and TLSv1.2.