The controller GUI displays a controller fault warning message with a list of SSL profiles with "unsafe" ciphers.

Affects Version(s): 20.1.x, 21.1.x, 22.1.x, 30.1.x, 30.2.x

Starting versions 20.1.x, there was a change in the HTTP version used for the controller GUI with enforcement for HTTP/2.  This controller fault/warning was put in place to prevent GUI access issues via web browsers that fail with INADEQUATE_SECURITY.

The INADEQUATE_SECURITY error is caused by unsafe ciphers per the HTTP/2 RCF

RFC Documentation: https://tools.ietf.org/html/rfc7540#appendix-A

****NOTE****

This controller fault does not mean you have unsafe ciphers for other protocols for your application services.  This error ONLY applies to the controller GUI.

The controller fault "Unsafe ciphers used in SSL Profile" is not a issue rather a warning to prevent the controller GUI access issue.

If this Inventory Fault does not apply to your applications you may disable this warning via CLI.

Documentation: Faults in Avi Load Balancer System

CLI Commands:

> configure inventoryfaultconfig
> controller_faults
> no sslprofile_faults
> save
> save

However, please be aware that if an SSL profile with unsafe ciphers for HTTP/2 is selected for the controller system then you may lose access to the GUI.  If this occurs please contact technical support.