Last Modified: Oct 19, 2025
Affected Product(s):
BIG-IP APM, SSLO
Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3, 16.1.3.4, 16.1.3.5, 16.1.4, 16.1.4.1, 16.1.4.2, 16.1.4.3, 16.1.5, 16.1.5.1, 16.1.5.2, 16.1.6, 16.1.6.1, 17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1, 17.1.2.2, 17.1.3, 17.5.0, 17.5.1, 17.5.1.2, 17.5.1.3
Opened: Aug 21, 2025
Severity: 3-Major
BIG-IP intercepts traffic and presents a forged certificate to the client instead of the server's certificate. The log message "SSL action will not take effect, the handshake has alreadybeen processed" is logged in /var/log/apm.
Instead of bypassing traffic, the BIG-IP intercepts it.
-- APM Per Request Policy that uses SSL Bypass Set.
-- A server sends application data immediately after finishing the handshake, while the client-side connection is slow in its processing. This seems to be the case if the Application-Layer Protocol Negotiation extension is enabled on the client ssl profile, though it does not happen every time.
In an SSL Orchestrator context, if the policy has the ability to use Bypass(Client Hello) for a rule, use that, or rearrange the rule order so that this type of bypass can be used.
None
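
To check whether a device has hit this condition, the log message quoted above can be counted per day and host in /var/log/apm. This is an added example, not F5 code: the sample lines are constructed, the syslog prefix layout (month, day, time, host) is an assumption, and the match accepts both "alreadybeen" and "already been" in case the spacing on the device differs from the text quoted here.

```shell
#!/bin/sh
# Added example (not F5 code): find entries showing that an SSL Bypass action
# was skipped because the handshake had already been processed.

# Optional space covers "alreadybeen" (as quoted on this page) and "already been".
PATTERN='SSL action will not take effect, the handshake has already ?been processed'

# Print the total number of matching entries in a log (default /var/log/apm).
bypass_miss_total() {
    logfile=${1:-/var/log/apm}
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }
    grep -Ec "$PATTERN" "$logfile" || true   # grep -c exits 1 on zero matches
}

# Print "<count> <month> <day> <host>" for each day/host with matching entries.
# Assumes the usual syslog prefix: month, day, time, host, ...
bypass_miss_by_day() {
    logfile=${1:-/var/log/apm}
    [ -r "$logfile" ] || { echo "cannot read $logfile" >&2; return 2; }
    awk -v pat="$PATTERN" '
        $0 ~ pat { seen[$1 " " $2 " " $4]++ }
        END      { for (k in seen) print seen[k], k }
    ' "$logfile" | sort -k2,2M -k3,3n -k4,4
}

# Write constructed sample log lines (not real device output) to the given path.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct 18 09:12:44 bigip1 warning tmm[11234]: SSL action will not take effect, the handshake has alreadybeen processed
Oct 18 09:13:02 bigip1 notice tmm[11234]: unrelated constructed entry
Oct 18 17:40:10 bigip1 warning tmm1[11234]: SSL action will not take effect, the handshake has already been processed
Oct 19 02:05:31 bigip2 warning tmm[20987]: SSL action will not take effect, the handshake has alreadybeen processed
EOF
}

# When called with a log path, report per-day counts and the total.
if [ $# -gt 0 ]; then
    bypass_miss_by_day "$1"
    echo "TOTAL $(bypass_miss_total "$1")"
fi
```

A non-zero count on a device whose per-request policy uses SSL Bypass Set means some connections intended for bypass were intercepted instead.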