Bug ID 482304: Prohibit configuring certificate/key on serverssl when SSL forward proxy is enabled

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4

Fixed In:
12.0.0

Opened: Oct 02, 2014
Severity: 3-Major
Related AskF5 Article:
K32239061

Symptoms

SSL Forward Proxy does not support server side client authentication. When SSL Forward Proxy is enabled, a Server SSL profile configured with client SSL certificates does not send CertificateVerify. The result is SSL connection can not be established.

Impact

SSL connection cannot be established.

Conditions

A certificate and key on server ssl profile is configured, and forward proxy is enabled.

Workaround

This issue has no workaround at this time.

Fix Information

SSL Forward Proxy does not support server-side client authentication. The fix is to prohibit configuring key/certificate fields in server SSL profile when forward proxy is enabled.

Behavior Change