Bug ID 682213: TLS v1.2 support in IP reputation daemon

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP AFM, ASM, LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3,, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,

Fixed In:

Opened: Sep 07, 2017

Severity: 3-Major

Related Article: K31623549


The IP reputation daemon opens SSL connections to the Webroot BrightCloud server using TLS 1.0 protocol.


Because IP reputation services are used to accept/deny connections to critical business applications, there might be concerns about the service. Also some configurations might require that all transactions exfiltrating a PCI-controlled environment leverage secure protocols and ciphers, which won't be the case for IP reputation services.


This occurs when using IP reputation.



Fix Information

Webroot updated BrightCloud servers to support TLS 1.2. This is additional support. To preserve backward compatiblity, the servers support TLS 1.0, TLS 1.1, TLS 1.2, SSL 2.0 and SSL 3.0. In addition, this software version supports TLS 1.2 on the client side by customizing the SDK used by the IP reputation daemon.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips