Forum Discussion
AltostratusPlanned upgrade to v14
When we upgraded from v12.1 to v13.1 we had some issues with some legacy software (that we cant upgrade or replace) that used I.E.8 with Windows XP.
The issues stemmed from the "pulling up the drawbridge" on 3DES cipers on the SSL stuff.
We successfully added the 168bit ciphers back in, but not after some heart stopping moments and some gnashing of teeth.
I have had a look at the release notes (that I could find) and there doesnt seem to be any indication of any changes to the SSL suites.
Could anyone envisage any issues with upgrading to v14.1 (when it is out) with reference to SSL suites?
I could be doing "boy" looking, but if anyone could point me in the direction of what is changing in 14.1, that would be very much appreciated
Duncan_Proffitt*bump .. anything anyone?
Ryan77777Altocumulus
iRule changes:
https://devcentral.f5.com/wiki/iRules.BIGIP_LTM_v14_0_0.ashx https://devcentral.f5.com/wiki/iRules.BIGIP_LTM_v14_1_0.ashx
Release notes:
https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v14.x/14.1.0/english/14.1.0/&sw=BIG-IP&pro=big-ip_v14.x&ver=14.1.0&container=14.1.0&file=BIGIP-14.1.0-0.0.116.html https://downloads.f5.com/esd/serveDownload.jsp?path=/big-ip/big-ip_v14.x/14.0.0/english/14.0.0/&sw=BIG-IP&pro=big-ip_v14.x&ver=14.0.0&container=14.0.0&file=BIGIP-14.0.0-0.0.2187.html
What's New:
https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-14-0-0.html https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnote-bigip-14-1-0.html
Andy_McGrathCumulonimbus
If you’re using the DEFAULT group in your cipher suite SSL definitions you can check the following articles and compare the versions for changes:
K13156: SSL ciphers used in the default SSL profiles (11.x - 13.x)
K54125331: SSL ciphers used in the default SSL profiles (14.x)
Another option is to run the following on each version and compare the output (you will need a BIG-IP running each version you want to check)
tmm --clientciphers DEFAULTYou can even check your cipher suites definition from your SSL Profile using that command just replace DEFAULT with your cipher suites definition and compare the output e.g.
tmm --clientciphers DEFAULT:3DES:!MD5- Alan_B__139698
Duncan, have you upgraded yet? If so, how did it go...any issues? I'm testing v14.0.0.2 using a lab VE, and tried upgrading to 14.1.0, but I got a message after the reboot saying the configuration had not yet loaded. Eventually, I gave up and booted the lab VE again, but got the same thing. v14 does seem to be a little different beast than v11, v12 or v13 - when it comes to upgrades anyway. On thing I did notice in v14.0.0.2 was I could no longer view the local user database for APM - thus the failed attempt to upgrade to 14.1.0. But, anyway...
- Duncan_Proffitt
The config not being loaded means it needs to have the product license renewing.
https://support.f5.com/csp/article/K7752
At the moment, all is tickety boo and 14.1 is running without issues.
There was a moment when the ASM wasnt synchronising, but that was resolved when we rolled back and then reinstalled.
- Alan_B__139698
Ah, got it. Thanks for the tip!