Forum Discussion

Nimbostratus

Oct 24, 2017

Adding Peer device issue

Hi Guys, I have a problem with my customer. We are working in Test Plant, where we would replace 2 F5 Viprion 4400 (version 11.4.1) with an F5 i2600 (version 12.1.2). I'm telling you what we wou...

Historic F5 Account

Oct 24, 2017

Greetings,

That seems resemble the following:

K54511423: The system includes insecure ciphers when a device adds another device to the device trust

https://support.f5.com/csp/article/K54511423

Did you happen to use this article to modify the HTTP cipher strength?

K13405: Restricting Configuration utility access to clients using high-encryption SSL ciphers (11.x)

https://support.f5.com/csp/article/K13405

Kevin

Andrea_Colombo_
Nimbostratus
Oct 25, 2017
Hello Kevin, thank you for your response. We tried the solution on K13405, but the problem is the same: iControl connection to 172.16.4.242 failed

Any idea?

BR

Andrea
Kevin_K_51432
Historic F5 Account
Oct 25, 2017
Hi Andrea,
I've not encountered this issue on any of my BIG-IPs. It looks like the default setting is:
tmsh list sys httpd ssl-protocol sys httpd { ssl-protocol "all -SSLv2 -SSLv3" }

Do you have the ability to set this on both devices and test?

tmsh modify sys httpd ssl-protocol "all -SSLv2 -SSLv3" save sys config load sys config restart sys service httpd

I know you intend to use stronger ciphers only, but it appears this is only possible in v13.0.0 per the bug mentioned above.

Thanks!
Kevin

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Adding Peer device issue

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

[APM] - How to clear the cached certificate for specific url

Problem with sending BotDefense logs to remote server

Audit Logging on LTM and GTM

Change Content-Type from application/octet-stream to multipart/form-data

What dose "Accept" do in BIG-IP ASM event logs

Related Content

BIG-IQ : Error when adding device

DEVICE-0202 Error while adding rSeries as a provider in CM

Error While Adding Peer Devices to Local Trust Domain

Device Management

why the device certificate verify failed when the device certificate is not expired?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS