Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2
Fixed In:
17.0.0, 16.1.2.1, 15.1.5, 14.1.4.5
Opened: Mar 03, 2021 Severity: 3-Major
Under some circumstances, an iRule-selected SSL profile may a send previously configured certificate to the peer.
The TLS client may receive an outdated certificate that does not match with the current configuration, potentially leading to handshake failures.
iRule command SSL::profile is used to select a profile that is not attached to the virtual server, and changes have been made in the profile's cert-key-chain field.
Avoid making changes to a profile that is actively being used by the iRule command.
The system now makes sure that SSL profiles are properly reloaded after changes are made.