Bug ID 629845: Disallowing TLSv1 connections to HTTP causes iControl/REST issues

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP TMOS(all modules)

Fixed In:
12.1.2 HF1

Opened: Nov 22, 2016

Severity: 3-Major

Symptoms

When HTTP disallows TLSv1 connections, UCS via iControl/REST fails with the following in the logs: [SEVERE][86][08 Nov 2016 16:47:20 UTC][com.f5.rest.icontrol.IControlRunnable] (iControl execution) AxisFault[; nested exception is: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]: [WARNING][87][08 Nov 2016 16:47:20 UTC][8100/tm/shared/sys/backup/52d67805-3aab-4260-8770-a690154c698e/worker UcsBackupTaskWorker] Failed to restore from backup: backup_test.ucs

Impact

iControl REST clients are unable to connect.

Conditions

This occurs when TLSv1 is explicitly disallowed in the HTTP profile.

Workaround

None.

Fix Information

Explicitly disallowing TLSv1 in the HTTP profile no longer causes iControl/REST issues.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips