Bug ID 427393: BIG-IP serverssl "Untrusted Certificate Response Control" with ignore option does not ignore self-signed untrusted certificate.

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: Aug 07, 2013

Severity: 3-Major

Related Article: K15100

Symptoms

In serverssl profile, if set "Untrusted Certificate Response Control" to ignore. When backend server sends self-signed untrusted certificate, BIG-IP should ignore it.

Impact

BIG-IP should ignore the self-signed untrusted certificate, treat the certificate as valid and continue the handshake instead drop the handshake.

Conditions

Serverssl profile set "Untrusted Certificate Response Control" to ignore When backend server sends self-signed untrusted certificate

Workaround

None.

Fix Information

Ignore the self-signed untrusted certificate when serverssl profile sets "Untrusted Certificate Response Control" to ignore.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips