Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.0.0
Opened: Jul 01, 2016 Severity: 3-Major
Changes were made to DEFAULT in LTM SSL profiles in order to improve SSL ciphersuite group selection. When "DEFAULT" group is used, the following changes have been made. Original Default Ciphersuite Group RSA+DH RSA RSA+ECDH Original Default + ECDHE_ECDSA RSA+DH RSA RSA+ECDH ECDSA+ECDH Update to: "DEFAULT" will contain ciphersuites in the following categories in this order in the BIG-IP system's view: RSA+ECDH RSA ECDSA+ECDH RSA+DH In addition, each category will be sorted by speed with AES-128-equivalent as the minimum strength (commonly referred to as "128-bit security strength").
Changes were made to DEFAULT in LTM SSL profiles in order to improve SSL ciphersuite group selection when "DEFAULT" group is used.
This is the new default in this release.
None. This is cosmetic.
"DEFAULT" contains ciphersuites in the following categories in this order in the BIG-IP system's view: RSA+ECDH RSA ECDSA+ECDH RSA+DH In addition, each category will be sorted by speed with AES-128-equivalent as the minimum strength (commonly referred to as "128-bit security strength").
Changes were made to DEFAULT in LTM SSL profiles in order to improve SSL ciphersuite group selection. When "DEFAULT" group is used, the following changes have been made. Original Default Ciphersuite Group RSA+DH RSA RSA+ECDH Original Default + ECDHE_ECDSA RSA+DH RSA RSA+ECDH ECDSA+ECDH Update to: "DEFAULT" will contain ciphersuites in the following categories in this order in the BIG-IP system's view: RSA+ECDH RSA ECDSA+ECDH RSA+DH In addition, each category will be sorted by speed with AES-128-equivalent as the minimum strength (commonly referred to as "128-bit security strength").