Bug ID 682213: TLS v1.2 support in IP reputation daemon

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM, ASM, LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1

Fixed In:
14.0.0, 13.1.0.2, 12.1.3.2

Opened: Sep 07, 2017

Severity: 3-Major

Related Article: K31623549

Symptoms

The IP reputation daemon opens SSL connections to the Webroot BrightCloud server using the TLS 1.0 protocol.

Impact

Because IP reputation services are used to accept or deny connections to critical business applications, the use of TLS 1.0 might raise concerns about the service. Also, some configurations might require that all transactions leaving a PCI-controlled environment use secure protocols and ciphers, which is not the case for IP reputation services.

Conditions

This occurs when using IP reputation.

Workaround

None.

Fix Information

Webroot updated the BrightCloud servers to support TLS 1.2. This support is additive: to preserve backward compatibility, the servers support TLS 1.0, TLS 1.1, TLS 1.2, SSL 2.0 and SSL 3.0. In addition, this software version supports TLS 1.2 on the client side by customizing the SDK used by the IP reputation daemon.
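
One way to confirm the client-side change described above is to inspect the ClientHello the daemon sends, taken from a packet capture of its outbound connection. The parser below is an added example, not F5 or Webroot code; the function names and the sample records are constructed for illustration, and it reports what the client offers, not what the server finally selects.

```python
import struct

TLS_1_2 = 0x0303
KNOWN = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
         0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def max_offered_version(record: bytes) -> int:
    """Highest known protocol version offered by a TLS ClientHello record."""
    try:
        if record[0] != 0x16:                      # content type: handshake
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack(">H", record[3:5])
        hs = record[5:5 + rec_len]
        if len(hs) < rec_len or hs[0] != 0x01:     # handshake type: client_hello
            raise ValueError("not a complete ClientHello")
        pos = 4                                    # skip type (1) + length (3)
        offered = [struct.unpack(">H", hs[pos:pos + 2])[0]]  # legacy client_version
        pos += 2 + 32                              # version + random
        pos += 1 + hs[pos]                         # session_id
        pos += 2 + struct.unpack(">H", hs[pos:pos + 2])[0]   # cipher_suites
        pos += 1 + hs[pos]                         # compression_methods
        if pos + 2 <= len(hs):                     # extensions block is optional
            end = pos + 2 + struct.unpack(">H", hs[pos:pos + 2])[0]
            pos += 2
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack(">HH", hs[pos:pos + 4])
                pos += 4
                if ext_type == 43:                 # supported_versions extension
                    offered += [struct.unpack(">H", hs[i:i + 2])[0]
                                for i in range(pos + 1, pos + 1 + hs[pos], 2)]
                pos += ext_len
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    known = [v for v in offered if v in KNOWN]     # ignore GREASE / unknown values
    if not known:
        raise ValueError("no recognised protocol version offered")
    return max(known)

def offers_tls12(record: bytes) -> bool:
    """True when the client offers TLS 1.2 or later."""
    return max_offered_version(record) >= TLS_1_2

def build_sample_hello(version: int, extensions: bytes = b"") -> bytes:
    """Constructed ClientHello for demonstration; not captured traffic."""
    body = struct.pack(">H", version) + bytes(32) + b"\x00"   # version, random, no session id
    body += b"\x00\x02\x00\x2f" + b"\x01\x00"                 # one cipher suite, null compression
    if extensions:
        body += struct.pack(">H", len(extensions)) + extensions
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs
```
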

Behavior Change
