Bug ID 666908: Default GTM HTTPS monitor no longer supports EXPORT ciphers

Last Modified: Jan 29, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP GTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4

Fixed In:
14.0.0

Opened: May 26, 2017
Severity: 3-Major

Symptoms

The default GTM https monitor (and its derivative built-in monitors like https_head_f5) supports EXPORT grade ciphers.

Impact

The node that GTM is monitoring is marked as GREEN/available.

Conditions

Default GTM HTTPS or its derivative built-in monitors like https_head_f5 are being used to monitor a node that only supports EXPORT ciphers.

Workaround

None.

Fix Information

Default GTM HTTPS monitor no longer supports EXPORT ciphers.

Behavior Change

The built-in GTM HTTPS monitor used to support EXPORT ciphers. This meant that monitoring a node that only supported EXPORT ciphers from GTM with the HTTPS monitor would result in the node being marked as GREEN/available. Now the built-in GTM HTTPS monitor (and its derivative built-in monitors like https_head_f5) no longer support EXPORT ciphers. If GTM is monitoring a node that only supports EXPORT ciphers with a default HTTPS monitor (or a derivative built-in like https_head_f5), then the node will be marked DOWN/offline. Note: If you want to continue monitoring a node from GTM that supports only EXPORT ciphers, you can create a custom HTTPS monitor and define the custom cipherlist field to allow EXPORT ciphers.