Bug ID 1012645: Config load fails with HTTP2 profile when serverssl has renegotiation enabled

Last Modified: Jul 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0

Opened: Apr 20, 2021
Severity: 4-Minor

Symptoms

Configuration load fails with an error: 0107186b:3: Invalid "enforce-tls-requirements" value for profile /Common/http2. In Virtual Server (/Common/vs1) an http2 profile with enforce-tls-requirements enabled is incompatible with client-ssl/server-ssl profile with renegotiation enabled. Value must be disabled. Unexpected Error: Loading configuration process failed.

Impact

The configuration fails to load.

Conditions

Virtual server with: 1. Clientssl profile with renegotiation disabled. 2. Serverssl profile with renegotiation enabled. 3. The HTTP2 profile is attached to the client side only.

Workaround

Manually disable renegotiation on the serverssl profile, then reload the configuration.

Fix Information

None

Behavior Change