TLS Support for the LM-5500

0

Hey all,

We have a couple of LM-5500s in our environment running in HA mode. It's currently running an old OS version of 5.1-71. We're going to upgrade to the latest possible version for this hardware. The latest for the LM-5500s is 7.0-10i because the latest is not suitable for the LM-5500 according to what's written on the Current GA Release site:

https://support.kemptechnologies.com/hc/en-us/articles/202433868-Current-GA-Release

NOTE: This firmware is not suitable for LM-2000, LM-2500, LM-3500,LM-5500 and the LM-5305-FIPS. For available firmware for these products please click here

We have an application that requires TLS v1.1 at a minimum as they are going away from TLS v1.0 due to security concerns. However, it's not quite clear on the KEMP support site what versions of TLS are supported with each version of the LoadMaster OS. So would anyone know the answer as to which versions of KEMP LoadMaster OS support the different versions of TLS?

Thanks,

John

 

 

2 comments

Avatar
1
Mark Deegan

Hello John,

the Lm5500 at 7.0.10i supports TLS up to 1.2. The only issue is that the unit at the firmware version will not support disabling the older SSL versions even though they do support the newer versions. The Lm5500 was End of sale as of may 2012 and is end of support in 2017. The replacement model is the Lm5600 which will go to the latest version of firmware (7.1.34) and supports disabling the SSLv3 TLS 1.0 and TLS 1.1 individually. If you require an upgrade or would like a quote please let me know and i will get them for you. 

On the firmware upgrade there is a path to follow to ensure success. Please upgrade first to 5.1.74 then to 6.0.42 and then to 7.0.10i. we would recommend as a best practice to backup both your certificates and the the configuration before each firmware upgrade.

If you would like assistance with this upgrade of your units please call our support number for your region and ask for me.

regards

Mark

Avatar
0
john.ceci

Hey Mark,

Thanks for the response and for confirming. Do you know if this is written specifically in any documentation on the KEMP website? Because I don't see it written anywhere in the v7.0-10i Release Notes. I'd like to have a reference document for our client. 

Thanks,

John