Bug ID 743857: Clientssl accepts non-SSL traffic when cipher-group is configured

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3

Fixed In:
13.1.1.4

Opened: Sep 12, 2018
Severity: 2-Critical
Related Article:
K21942600

Symptoms

Clientssl accepts non-SSL traffic even when "Non-SSL Connections" is disabled.

Impact

Connections to a VIP with a clientssl profile are not encrypted. If SSL client authentication is enabled, a plaintext request succeeds, meaning that a client can access resources that would otherwise require a valid client certificate.

Conditions

In the clientssl profile, a Cipher Group is configured and one of the "No SSL/TLS/DTLS" options is enabled.

Workaround

Use a Cipher String instead of a Cipher Group when configuring the clientssl profile.
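An added audit helper (not part of this bug record or F5's tooling) that scans `tmsh list ltm profile client-ssl` output for profiles matching the trigger conditions above: a cipher group in use together with a protocol-disabling option. The sample output is constructed, and the tmsh attribute spellings `cipher-group`, `options` and `no-ssl*`/`no-tls*`/`no-dtls*` are assumed.

```python
import re

# Constructed sample of `tmsh list ltm profile client-ssl` output (not from the bug page).
SAMPLE_TMSH = """\
ltm profile client-ssl /Common/api_clientssl {
    cipher-group /Common/f5-default
    ciphers none
    defaults-from /Common/clientssl
    options { dont-insert-empty-fragments no-tlsv1 }
}
ltm profile client-ssl /Common/legacy_clientssl {
    cipher-group none
    ciphers DEFAULT:!SSLv3
    defaults-from /Common/clientssl
    options { dont-insert-empty-fragments no-sslv3 }
}
ltm profile client-ssl /Common/group_only {
    cipher-group /Common/strong
    ciphers none
    options { dont-insert-empty-fragments }
}
"""

# Assumed tmsh spellings for the "No SSL/TLS/DTLS" options (e.g. no-sslv3, no-tlsv1, no-dtls).
PROTO_DISABLE = re.compile(r"^no-(ssl|tls|dtls)", re.I)

# One profile block: header line, then body up to a closing brace at column 0.
# Nested sub-blocks are indented, so their braces do not terminate the match.
PROFILE_RE = re.compile(r"^ltm profile client-ssl (?P<name>\S+) \{(?P<body>.*?)^\}", re.S | re.M)

def parse_profiles(text):
    """Extract (name, cipher-group, options) for each client-ssl profile."""
    profiles = []
    for m in PROFILE_RE.finditer(text):
        body = m.group("body")
        cg = re.search(r"^\s*cipher-group (\S+)", body, re.M)
        opts = re.search(r"^\s*options \{([^}]*)\}", body, re.M)
        profiles.append({
            "name": m.group("name"),
            "cipher_group": cg.group(1) if cg else "none",
            "options": opts.group(1).split() if opts else [],
        })
    return profiles

def affected_profiles(text):
    """Return [(name, cipher_group, disabling_options)] for profiles that hit the bug's conditions."""
    hits = []
    for p in parse_profiles(text):
        uses_group = p["cipher_group"].lower() != "none"
        disables = [o for o in p["options"] if PROTO_DISABLE.match(o)]
        if uses_group and disables:
            hits.append((p["name"], p["cipher_group"], disables))
    return hits
```

Profiles reported by `affected_profiles` on an affected version should be switched to a Cipher String until the fixed release is installed.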

Fix Information

Properly validate cipher suites in a cipher group before use.

Behavior Change