Bug ID 691955: Attempt to restore a backup on BIG-IP 11.5.4 fails

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IQ Platform(all modules)

Opened: Nov 01, 2017

Severity: 3-Major

Symptoms

Attempt to restore a backup of BIG-IP version 11.5.4 from BIG-IQ fails with this type of error in /var/log/restjavad.0.log: [SEVERE][70952][06 Oct 2017 10:45:49 UTC][com.f5.rest.icontrol.IControlRunnable][logErrorMsg] (iControl execution) AxisFault[; nested exception is: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure]:

Impact

Unable to restore the backup to BIG-IP

Conditions

The managed BIG-IP HTTP ciphersuite is set to use TLS1.2 only: sys httpd { ssl-sslciphersuite "NONE:AESGCM+ECDSA+TLSv1.2:AESGCM+EDH+aRSA+TLSv1.2:DHE-RSA-AES256-SHA256+TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384" }

Workaround

Several workarounds are available: 1) Change the cipher to default: sys httpd { ssl-ciphersuite ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!RC4:!SEED:!3DES } 2) Upgrade the BIG-IP to version 12.1 or above

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips