Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.6.0, 12.0.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4 HF2
Opened: Nov 14, 2014 Severity: 2-Critical Related Article:
K17491
This is due to using older versions of httpd (which includes mod_ssl ...). Newer versions of httpd as of 2.2.15-39 include the necessary support for TLSv1.1 and TLSv1.2.
No support is provided for TLSv1.1 and TLSv1.2.
Any older versions of httpd which are not upgraded to 2.2.15-39 or selectively patched for the mod_ssl component will not be able to provide support for TLSv1.1 and TLSv1.2. Note that in older releases, there is a dependency on openssl 1.0.1 for a backport of the mod_ssl changes to actually support TLSv1.1 and TLSv1.2.
Upgrade to one of the following: 12.0.0-hf1 - includes changes to mod_ssl 12.1.0 - includes update to httpd 2.2.15-39
Upgrade to httpd 2.2.15-39 (from el6.6) provides the needed changes to mod_ssl to support TLSv1.1 and TLSv1.2.