Last Modified: Nov 22, 2021
Affected Product(s):
BIG-IP Install/Upgrade, LTM
Known Affected Versions:
13.0.0, 12.1.3, 12.1.2, 12.1.1, 12.1.0, 12.0.0
Fixed In:
13.1.0
Opened: Feb 15, 2017
Severity: 3-Major
Related Article:
K23105004
BIG-IP drops all SHA256 and SHA384 ciphers in the advertised ciphers list in the Client Hello when initiating LDAP/TLS with a pool member (in the case of a monitor). The same behavior is also seen for BIG-IP system auth via LDAP or AD when TLS is used.
Authentication against servers that require SHA256 or SHA384 ciphers for LDAP/TLS no longer works. This could suddenly break LDAP auth if you are upgrading from version 11.x, where the SHA256 and SHA384 ciphers existed.
You have LDAP servers requiring SHA256 and SHA384 ciphers for LDAP/TLS authentication.
Configure LDAP servers not to be dependent on SHA256 and SHA384 ciphers.
The BIG-IP system now supports SHA256 and SHA384 ciphers in the advertised ciphers list in the Client Hello when initiating LDAP/TLS with a pool member (in the case of a monitor). You also see the same behavior for the BIG-IP system auth by way of LDAP or AD when TLS is used.
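A way to confirm the symptom from a packet capture, as an added example that is not F5 code: it parses a raw TLS ClientHello record, such as one sent by the LDAP monitor, and lists the SHA256/SHA384 suites it advertises; an empty list matches the affected behaviour. The function names, the subset of the suite table, and both sample records are assumptions constructed for illustration.

```python
import struct

# IANA cipher suite IDs (subset); IDs missing here are reported but not classified.
SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}

def client_hello_suites(record: bytes) -> list[int]:
    """Return the cipher suite IDs offered in a raw TLS ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 41 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    pos = 4 + 2 + 32                 # handshake header, client_version, random
    pos += 1 + body[pos]             # skip session_id
    n = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    if n == 0 or n % 2 or pos + n > len(body):
        raise ValueError("bad cipher_suites length")
    return list(struct.unpack_from(f"!{n // 2}H", body, pos))

def sha2_suites(record: bytes) -> list[str]:
    """Names of offered suites ending in SHA256/SHA384; empty means affected."""
    names = [SUITES.get(s, f"0x{s:04X}") for s in client_hello_suites(record)]
    return [n for n in names if n.endswith(("SHA256", "SHA384"))]

def build_hello(suites: list[int]) -> bytes:
    """Construct a minimal ClientHello (zero random, no extensions) as sample input."""
    cs = struct.pack(f"!{len(suites)}H", *suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed samples, not captures from a BIG-IP.
AFFECTED = build_hello([0xC014, 0xC013, 0x0035, 0x002F, 0x00FF])
FIXED = build_hello([0xC030, 0xC02F, 0x009D, 0x003C, 0x0035, 0x00FF])
```

Running `sha2_suites` on the ClientHello captured before and after an upgrade shows whether an LDAP server that insists on these suites will still find one to negotiate.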