Bug ID 427393: BIG-IP serverssl "Untrusted Certificate Response Control" with ignore option does not ignore self-signed untrusted certificate.

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.4.1 HF9

Opened: Aug 07, 2013
Severity: 3-Major
Related Article:
K15100

Symptoms

In serverssl profile, if set "Untrusted Certificate Response Control" to ignore. When backend server sends self-signed untrusted certificate, BIG-IP should ignore it.

Impact

BIG-IP should ignore the self-signed untrusted certificate, treat the certificate as valid and continue the handshake instead drop the handshake.

Conditions

Serverssl profile set "Untrusted Certificate Response Control" to ignore When backend server sends self-signed untrusted certificate

Workaround

None.

Fix Information

Ignore the self-signed untrusted certificate when serverssl profile sets "Untrusted Certificate Response Control" to ignore.

Behavior Change