Last Modified: May 29, 2024
Affected Product(s):
BIG-IP APM, LTM
Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2
Fixed In:
16.1.0, 15.1.5
Opened: Apr 21, 2021 Severity: 2-Critical
Possible tmm crash during ssl handshake with client SSL virtual server when dynamic CRL check is used.
Traffic disrupted while tmm restarts.
All these 3 conditions need to be met. - Client Certificate is set to "request" on the client SSL profile or using APM "On-Demand Cert Auth" agent set to "request". - Dynamic CRL check is configured on the client SSL profile. - Client does not submit its client certificate to the virtual server.
- Configure Client Certificate "require" on the client SSL profile or, if using APM "On-Demand Cert Auth" agent, configure it to "require". or - Disable Dynamic CRL check. You can use static CRL file on the client SSL profile instead.
None