F5 Networks Response to US-CERT Alert (TA17-075A) HTTPS Interception Weakens TLS Security

There are ongoing discussions about changing the defaults. The current defaults allow it to work 'out of the box' in most environments by being generous in what they accept, but that requires users to tighten the settings if they desire increased validation. However, the defaults are regularly reviewed and could be changed in future releases. Since it is a behavior change this would most likely be in a major release.