Default clientssl ciphers different between HA pair on same version

Question

Running 11.4.1 on an HA pair and when the standby became active, even though the configs were in sync, it was discovered that the parent CSSL profile 'clientssl' was not in sync - it had a custom set of ciphers on the primary LTM, but was set to DEFAULT on the standby.  It allowed SSLv3 and RC4 when the standby unit was active, but they are disabled on the primary.  I corrected the cipher list to be more exclusive and sync status never changed to 'out of sync'.&nbsp;
Is that bit of config not replicated between HA devices? Seems like an odd choice to be by design, but that's what it looks like.&nbsp;

kevin_49772 · Accepted Answer

FYI to anyone else.&nbsp;
SOL14289: Changes made to base profiles are not synchronized to other hosts in a device group&nbsp;
Fixes Introduced In 11.5.0&nbsp;
https://support.f5.com/kb/en-us/solutions/public/14000/200/sol14289.html&nbsp;

Forum Discussion

Default clientssl ciphers different between HA pair on same version

Recent Discussions

Problem with lets encrypt and redirect after update

Should config via cli rather than gui?

Is a Dedicated Interface, VLAN, and Self IP Required for a VIP in an F5 Configuration?

question about getting hsl data to be formatted properly in splunk

iRule for client certificate verification and inserting CN

Related Content

limit to number of clientssl profiles

BASH Script to find ClientSSL's mapped to Virtual Servers

Copper SFP Differences

Make a copy of all existing clientssl profiles requiring TLS1.2

Different policies same destination and pool

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS