Last Modified: Nov 02, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2
Fixed In:
17.1.1, 16.1.4, 15.1.9
Opened: Dec 06, 2022 Severity: 2-Critical
Under few circumstances, an iRule selected server SSL profile can send previously configured certificate to the peer.
The TLS handshake may use an outdated certificate that does not match the current configuration, potentially leading to handshake failures.
The iRule command SSL::profile is used to select a profile that is not attached to the virtual server, and changes have been made to the profile.
Terminate all traffic running on the virtual servers that are using the iRule command for the update to take effect. or Do not make changes to a profile that is actively being used by the iRule command.
The server SSL profiles will now reloaded successfully after changes are made.