Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP DNS, GTM, Link Controller, LTM
Known Affected Versions:
11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1
Fixed In:
13.0.0, 12.1.3.2, 11.6.3.3, 11.5.9
Opened: Apr 13, 2016 Severity: 3-Major
big3d accepts only TLS1.0, and gtmd offers only TLS1.0 during iQuery SSL handshake. iQuery does not negotiate up to TLS 1.2.
The older, less secure TLS1.0 version is the only possible iQuery connection.
Establishing iQuery connections.
None.
big3d now accepts, and gtmd now offers up to, TLS1.2 in iQuery handshakes. TLS1 and TLS1.1 are still accepted by both ends of the iQuery connection (gtmd and big3d) to enable older clients (gtmd) to connect to newer servers (big3d) and vice versa.
big3d now accepts TLS1.2 in iQuery handshakes, and gtmd now offers up to TLS1.2.