Last Modified: Nov 07, 2022
BIG-IP AFM, ASM, LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 18.104.22.168, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 22.214.171.124
14.0.0, 126.96.36.199, 188.8.131.52
Opened: Sep 07, 2017 Severity: 3-Major Related Article:
Related Article: K31623549
The IP reputation daemon opens SSL connections to the Webroot BrightCloud server using TLS 1.0 protocol.
Because IP reputation services are used to accept/deny connections to critical business applications, there might be concerns about the service. Also some configurations might require that all transactions exfiltrating a PCI-controlled environment leverage secure protocols and ciphers, which won't be the case for IP reputation services.
This occurs when using IP reputation.
Webroot updated BrightCloud servers to support TLS 1.2. This is additional support. To preserve backward compatiblity, the servers support TLS 1.0, TLS 1.1, TLS 1.2, SSL 2.0 and SSL 3.0. In addition, this software version supports TLS 1.2 on the client side by customizing the SDK used by the IP reputation daemon.