Bug ID 1014085: SSL Orchestrator traffic summary logs incorrectly identify decryption-status

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP SSLO(all modules)

Fixed In:
17.0.0

Opened: Apr 23, 2021

Severity: 3-Major

Symptoms

SSL Orchestrator traffic summary log (in /var/log/apm) incorrectly identifies decryption-status as 'decrypted' when the TLS handshake is incomplete.

Impact

Traffic summary log in /var/log/apm incorrectly identifies decryption status.

Conditions

-- SSL Orchestrator is licensed and provisioned. -- Per-request policy or security policy is defined and attached to Virtual server. -- Per-request policy log level is set to Info.

Workaround

None

Fix Information

SSL Orchestrator traffic summary log now correctly identifies decryption-status as 'NA' when tls handshake is incomplete. Two new fields cleint & server tls-handshake-status also got added to indicate handshake status of each side.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips