Bug ID 1056941: HTTPS monitor continues using cached TLS version after receiving fatal alert.

Last Modified: Apr 26, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8, 15.1.9, 15.1.10, 16.0.0, 16.0.1, 16.1.0, 16.1.1, 16.1.2, 16.1.3, 16.1.4, 17.0.0, 17.1.0, 17.1.1

Opened: Oct 24, 2021

Severity: 3-Major


After an HTTPS monitor completes successfully, the TLS version is cached and used for subsequent monitor probes. If the back-end server's TLS version changes between monitor polls and the cached TLS version is no longer allowed, the back-end server correctly responds to the probe with a fatal alert. The BIG-IP nevertheless continues to use the cached, now-prohibited version in all subsequent probes, so the resource is falsely reported as down until the cached information is cleared on the BIG-IP.


BIG-IP continues to send the prohibited TLS version and reports the member as down.


The ClientSSL profile is changed on the back-end BIG-IP device's virtual server.


-- Delete and re-add pool member.
-- Change HTTPS monitor to any other monitor (including another HTTPS monitor) and then back.
-- Restart bigd with "bigstart restart bigd". Note that this impacts all monitoring on the BIG-IP.
-- Restart BIG-IP. Note that this impacts all traffic on the BIG-IP.
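
To confirm from a packet capture that a member is down for this reason, the following added example (not F5 code) flags a TLS version that the monitor keeps offering across consecutive polls while the server answers each one with a fatal alert. All function names are hypothetical, the sample bytes are constructed, and alert description 70 is an assumption since the bug entry says only "fatal alert"; the check reads the ClientHello client_version field, so it covers offers of TLS 1.2 and earlier.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_record(data):
    """Return (content_type, body) of the first TLS record in data."""
    if len(data) < 5:
        raise ValueError("short TLS record header")
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record")
    return ctype, body

def client_hello_version(data):
    """client_version offered in a ClientHello record, else None."""
    ctype, body = parse_record(data)
    # Handshake record (22): msg type 1 = client_hello, 3-byte length, then version.
    if ctype != 22 or len(body) < 6 or body[0] != 1:
        return None
    return struct.unpack("!H", body[4:6])[0]

def fatal_alert(data):
    """Alert description if data is an alert record with level 2 (fatal), else None."""
    ctype, body = parse_record(data)
    return body[1] if ctype == 21 and len(body) == 2 and body[0] == 2 else None

def stuck_versions(polls, threshold=3):
    """Versions offered in `threshold` consecutive polls that each drew a fatal alert."""
    flagged, run_ver, run_len = [], None, 0
    for client, server in polls:
        ver = client_hello_version(client)
        if ver is None or fatal_alert(server) is None:
            run_ver, run_len = None, 0      # probe was answered normally: reset
            continue
        run_len, run_ver = (run_len + 1 if ver == run_ver else 1), ver
        if run_len == threshold and ver not in flagged:
            flagged.append(ver)
    return [NAMES.get(v, hex(v)) for v in flagged]

def sample_hello(ver):
    """Constructed minimal ClientHello offering `ver` (one cipher suite, no extensions)."""
    body = struct.pack("!H", ver) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

# Constructed capture: one good poll, then the backend stops allowing TLS 1.1.
SERVER_HELLO = b"\x16\x03\x02\x00\x04\x02\x00\x00\x00"   # constructed stub reply
SAMPLE_ALERT = b"\x15\x03\x02\x00\x02\x02\x46"           # fatal, description 70 (assumed)
SAMPLE_POLLS = [(sample_hello(0x0302), SERVER_HELLO)] + [(sample_hello(0x0302), SAMPLE_ALERT)] * 3
```

Calling stuck_versions(SAMPLE_POLLS) returns the version the monitor is pinned to; an empty list means no run of fatal alerts reached the threshold.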

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips