Manual Chapter: New Features in BIG-IP Version 14.1.5
Applies To:
BIG-IP AAM
- 14.1.5
BIG-IP APM
- 14.1.5
BIG-IP Analytics
- 14.1.5
BIG-IP Link Controller
- 14.1.5
BIG-IP LTM
- 14.1.5
BIG-IP PEM
- 14.1.5
BIG-IP AFM
- 14.1.5
BIG-IP DNS
- 14.1.5
BIG-IP FPS
- 14.1.5
BIG-IP ASM
- 14.1.5
New in APM
BIG-IP version 14.1.5 introduces the following new features for
APM.
CRLDP Maximum Size Cache Support
For the CRLDP cache cleanup, a Max Cache Size is configurable through a tmsh sys db variable:
modify sys db apm.crldp.maxcacheentries
This variable checks and limits the maximum number of entries in the CRLDP cache. When the number of cache entries reaches the configured cache size limit, the least recently used (LRU) cache entry is removed and a new entry is populated into the cache. You can set the cache size to a value from 0 to 10,000 entries. The maximum number of entries allowed is 10,000, which is also the default value of the Cache size option.
HTTP Auth Timeout Support
With this release, the Connection Timeout and Request Timeout options for HTTP authentication are configurable at the global level through tmsh sys db variables:
modify sys db APM.HTTP.ConnectionTimeout
modify sys db APM.HTTP.RequestTimeout
The Connection Timeout value is the maximum time allowed for the connection phase from BIG-IP to the HTTP server. If BIG-IP cannot establish a TCP connection within the specified time, the client receives an appropriate error. The Request Timeout value is the maximum time allowed on each attempt of the HTTP request, that is, the maximum time to wait for the HTTP response from the server after a connection is established. If BIG-IP does not receive an HTTP response from the authentication server within the specified time, the appropriate error is returned. The default values of Connection Timeout and Request Timeout are 10 seconds and 60 seconds, respectively.
TLS 1.2 AES GCM ciphers support for OAuth Provider Discovery
Starting January 31, 2022, Microsoft has discontinued support for
Transport Layer Security (TLS) 1.0/1.1/3DES cipher suites due to potential protocol
downgrade attacks and other TLS vulnerabilities. Microsoft Azure AD plans to phase
out support for the TLS 1.0/1.1/3DES cipher suites and implement a secure TLS 1.2
cipher suite that supports the secure transmission of data between clients and
servers. Therefore, Microsoft Azure AD chooses the following TLS 1.2 AES GCM cipher
suites during the TLS handshake:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
In addition, the latest version of the OpenShift Container
Platform recommends the use of the most secure TLS 1.2 AES GCM cipher suite over
previous weak cipher suites. Due to the use of weak TLS 1.0, 1.1, and 3DES cipher
suites, the OAuth provider discovery module option does not function. Support for
TLS 1.2 AES GCM cipher suites is added to resolve the OAuth provider discovery
failures.
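The following Python example is added here and is not part of the F5 documentation or BIG-IP code. It reports which of the four suites listed above a client would offer for a given cipher string, and which suite a discovery endpoint actually negotiates. The function names and sample cipher strings are assumptions, and cipher strings are in OpenSSL syntax as evaluated by the local OpenSSL build, not by BIG-IP.

```python
import socket
import ssl

# The four suites listed above (IANA names) mapped to their OpenSSL names.
AZURE_AD_SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384": "DHE-RSA-AES256-GCM-SHA384",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256": "DHE-RSA-AES128-GCM-SHA256",
}
ALL_FOUR = ":".join(AZURE_AD_SUITES.values())


def tls12_context(cipher_string):
    """Verifying client context pinned to TLS 1.2 with the given cipher string."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)  # ssl.SSLError if no TLS 1.2 suite matches
    return ctx


def offered_suites(cipher_string):
    """IANA names from the list above that this cipher string would offer."""
    try:
        ctx = tls12_context(cipher_string)
    except ssl.SSLError:
        return []  # e.g. a 3DES-only string on a build compiled without 3DES
    names = {c["name"] for c in ctx.get_ciphers()}
    return [iana for iana, ossl in AZURE_AD_SUITES.items() if ossl in names]


def negotiated_suite(host, port=443, cipher_string=ALL_FOUR, timeout=10):
    """Handshake with a discovery endpoint; return (cipher name, protocol)."""
    ctx = tls12_context(cipher_string)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            name, protocol, _bits = tls.cipher()
            return name, protocol


if __name__ == "__main__":
    # Constructed sample cipher strings, not taken from any BIG-IP profile.
    for s in ("DES-CBC3-SHA", "AES128-SHA:AES256-SHA", ALL_FOUR):
        found = offered_suites(s)
        print(f"{s!r}: {found or 'none of the four suites; handshake would fail'}")
```

Calling negotiated_suite() with the hostname of your own OAuth provider's discovery endpoint confirms the suite and protocol version the provider selects.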