Bug ID 750318: HTTPS monitor does not appear to be using cert from server-ssl profile

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2

Fixed In:
15.0.0, 14.1.2.3, 13.1.1.5

Opened: Nov 16, 2018

Severity: 3-Major

Symptoms

An HTTPS monitor using a client certificate configured in the server-ssl profile fails to send the certificate during the SSL handshake. A tcpdump shows a 0-byte certificate being sent.
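To confirm the symptom from a capture, the following added example (not F5 code) parses the client-to-server bytes of a monitor connection and reports the certificates carried in the client's Certificate handshake message. It assumes TLS 1.2 or earlier, where that message is sent in the clear, and that the TCP payload has already been reassembled from the tcpdump; the function names and sample bytes are constructed for illustration.

```python
import struct

HANDSHAKE, CERTIFICATE = 22, 11   # TLS record content type / handshake msg type

def handshake_messages(stream: bytes):
    """Yield (msg_type, body) for plaintext handshake messages in one direction."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, rlen = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE:
            return      # non-handshake record (e.g. ChangeCipherSpec): stop here,
                        # handshake data after it is encrypted
        buf += stream[pos + 5 : pos + 5 + rlen]
        pos += 5 + rlen
        # One record may carry several messages; one message may span records.
        while len(buf) >= 4 and len(buf) >= 4 + int.from_bytes(buf[1:4], "big"):
            mlen = int.from_bytes(buf[1:4], "big")
            yield buf[0], buf[4 : 4 + mlen]
            buf = buf[4 + mlen :]

def client_cert_sizes(stream: bytes):
    """Sizes of the certificates the client sent; [] = empty list, None = no message."""
    for mtype, body in handshake_messages(stream):
        if mtype == CERTIFICATE and len(body) >= 3:
            end = min(3 + int.from_bytes(body[:3], "big"), len(body))
            sizes, off = [], 3
            while off + 3 <= end:
                n = int.from_bytes(body[off : off + 3], "big")
                sizes.append(n)
                off += 3 + n
            return sizes
    return None

# --- constructed sample data (not taken from a real capture) ---
def record(payload: bytes) -> bytes:
    return b"\x16\x03\x03" + len(payload).to_bytes(2, "big") + payload

def msg(mtype: int, body: bytes) -> bytes:
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

FAKE_CERT = b"\x30\x02\x05\x00"                     # placeholder bytes, not a real cert
CCS = b"\x14\x03\x03\x00\x01\x01"                   # ChangeCipherSpec record
HELLO = record(msg(1, b"constructed-client-hello"))
EMPTY_FLIGHT = HELLO + record(msg(11, b"\x00\x00\x00") + msg(16, b"kx")) + CCS
GOOD_FLIGHT = HELLO + record(msg(11, b"\x00\x00\x07\x00\x00\x04" + FAKE_CERT)) + CCS

if __name__ == "__main__":
    for name, flight in (("empty", EMPTY_FLIGHT), ("good", GOOD_FLIGHT)):
        print(name, client_cert_sizes(flight))
```

An empty list returned for a monitor connection whose server-ssl profile has a certificate configured matches the 0-byte certificate described here.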

Impact

SSL handshake might fail to complete and the HTTPS monitor fails.

Conditions

-- In-tmm monitoring is disabled (default).
-- The server-ssl profile has been modified but without changing the configured certificate or key.

The resulting message passed from mcpd to bigd will contain only the incremental modification to the profile, which bigd treats as a complete profile, meaning that it is possible for the certificate and key parameters to be lost.

Workaround

Restart the bigd process by running the following command:

bigstart restart bigd

Fix Information

mcpd now sends the full profile configuration to bigd upon modification.
