Bug ID 666908: Default GTM HTTPS monitor no longer supports EXPORT ciphers

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP GTM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1

Fixed In:
14.0.0

Opened: May 26, 2017

Severity: 3-Major

Symptoms

The default GTM HTTPS monitor (and its derivative built-in monitors like https_head_f5) supports EXPORT-grade ciphers.

Impact

The node that GTM is monitoring is marked as GREEN/available.

Conditions

Default GTM HTTPS or its derivative built-in monitors like https_head_f5 are being used to monitor a node that only supports EXPORT ciphers.

Workaround

None.

Fix Information

Default GTM HTTPS monitor no longer supports EXPORT ciphers.

Behavior Change

The built-in GTM HTTPS monitor used to support EXPORT ciphers. This meant that monitoring a node that only supported EXPORT ciphers from GTM with the HTTPS monitor would result in the node being marked as GREEN/available. Now the built-in GTM HTTPS monitor (and its derivative built-in monitors like https_head_f5) no longer supports EXPORT ciphers. If GTM is monitoring a node that only supports EXPORT ciphers with a default HTTPS monitor (or a derivative built-in like https_head_f5), then the node will be marked DOWN/offline.

Note: If you want to continue monitoring a node from GTM that supports only EXPORT ciphers, you can create a custom HTTPS monitor and define the custom cipherlist field to allow EXPORT ciphers.
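A pre-upgrade check for the behavior change above, as an added example that is not F5 code: given the cipher suites each monitored node accepts (taken from whatever TLS scan output you already have), it flags nodes that the built-in monitors would flip from GREEN/available to DOWN/offline. The inventory, the verdict strings and the monitor name `custom_https_export` are constructed for illustration, and EXPORT suites are recognized by their OpenSSL or IANA names.

```python
import re

# EXPORT suites by name: OpenSSL style (EXP-..., EXP1024-...) or
# IANA style (..._EXPORT_..., ..._EXPORT1024_...).
_EXPORT_RE = re.compile(r"^EXP(1024)?-|_EXPORT(1024)?_")

# Built-in monitors named on this page; other derivatives are not listed there.
BUILTIN_HTTPS_MONITORS = {"https", "https_head_f5"}


def is_export(cipher):
    return bool(_EXPORT_RE.search(cipher.strip().upper()))


def predict(monitor, accepted):
    """Predict a node's state once the built-in monitor drops EXPORT ciphers."""
    if not accepted:
        return "no-data"
    if monitor not in BUILTIN_HTTPS_MONITORS:
        return "custom-monitor"      # outcome depends on that monitor's cipherlist
    strong = [c for c in accepted if not is_export(c)]
    if not strong:
        return "will-go-down"        # EXPORT-only node: GREEN before, DOWN after
    # Assumption: the monitor can negotiate at least one non-EXPORT suite.
    return "stays-up" if len(strong) == len(accepted) else "stays-up-export-offered"


def audit(inventory):
    return {node: predict(mon, ciphers) for node, (mon, ciphers) in inventory.items()}


# Constructed sample inventory: node -> (assigned GTM monitor, suites the node accepts).
SAMPLE = {
    "legacy-app-01": ("https", ["EXP-RC4-MD5", "EXP-DES-CBC-SHA"]),
    "legacy-app-02": ("https_head_f5", ["TLS_RSA_EXPORT_WITH_RC4_40_MD5"]),
    "web-01": ("https", ["ECDHE-RSA-AES128-GCM-SHA256", "EXP1024-RC4-SHA"]),
    "web-02": ("https", ["ECDHE-RSA-AES256-GCM-SHA384"]),
    "legacy-app-03": ("custom_https_export", ["EXP-RC4-MD5"]),  # hypothetical custom monitor
}

if __name__ == "__main__":
    for node, verdict in audit(SAMPLE).items():
        print(f"{node:15} {verdict}")
```

Nodes reported as `stays-up-export-offered` remain available but still accept EXPORT suites and are worth reconfiguring regardless of the monitor change.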
