Bug ID 681814: Changes to a cipher group are not propagated to SSL profiles until the configuration is reloaded

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4

Fixed In:
14.0.0, 13.1.3.5

Opened: Sep 05, 2017

Severity: 3-Major

Symptoms

Changes to a cipher group, even indirect changes such as changing an underlying cipher rule, will not be propagated to the SSL profiles until the configuration is reloaded.

Impact

The available ciphers on an SSL profile might not be as expected.

Conditions

-- An SSL profile is using cipher groups (instead of the cipher string). -- Some changes are made to that group.

Workaround

You can use either of the following workarounds: -- Always reload the configuration after changing a cipher group. -- Use the existing cipher string mechanism instead.

Fix Information

With this change, changes to a cipher group are correctly propagated to the SSL profiles, so no configuration reload is required.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips