Bug ID 1126329: SSL Orchestrator with explicit proxy mode with proxy chaining enabled fails to send the CONNECT

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP Install/Upgrade, LTM(all modules)

Known Affected Versions:
17.1.0, 17.0.0, 16.1.3.1, 16.1.3, 16.1.2.2, 15.1.8, 15.1.7, 15.1.6.1

Fixed In:
17.1.0, 16.1.4, 15.1.9

Opened: Jul 13, 2022

Severity: 3-Major

Symptoms

SSL Orchestrator sends a TLS client hello instead of the expected HTTP CONNECT, leading to a failure in the client environment after an upgrade.

Impact

The exit proxy gives an HTTP 5xx error in response to the unexpected TLS Client Hello.

Conditions

SSL Orchestrator in explicit proxy mode with proxy chaining enabled

Workaround

None

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips