Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Fixed In:
17.1.0, 16.1.2.2
Opened: Jan 01, 2021 Severity: 3-Major
SSL handshake failures occur with the backend server revoked certificate in case of reverse proxy.
Ssl handshake failures due to revoked server certificate
1. BIG-IP LTM configured as SSL reverse proxy. 2. revoked-cert-status-response-control set to ignore in the server ssl profile. 3. server certificate authentication set to "require" in the server ssl profile.
1. Set the server certificate authentication to ignore in the server ssl profile.
Added checks to validate the certificate as well as the flags set (ignore/drop) for the revoked certificate.