Bug ID 1013181: TMM may produce core when dynamic CRL check is enabled on the client SSL profile

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP APM, LTM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 16.0.0,, 16.0.1,,

Fixed In:
16.1.0, 15.1.5

Opened: Apr 21, 2021
Severity: 2-Critical


Possible tmm crash during ssl handshake with client SSL virtual server when dynamic CRL check is used.


Traffic disrupted while tmm restarts.


All these 3 conditions need to be met. - Client Certificate is set to "request" on the client SSL profile or using APM "On-Demand Cert Auth" agent set to "request". - Dynamic CRL check is configured on the client SSL profile. - Client does not submit its client certificate to the virtual server.


- Configure Client Certificate "require" on the client SSL profile or, if using APM "On-Demand Cert Auth" agent, configure it to "require". or - Disable Dynamic CRL check. You can use static CRL file on the client SSL profile instead.

Fix Information


Behavior Change