Bug ID 504387: SSL profile goes into passthrough mode

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9

Fixed In:
12.0.0

Opened: Feb 03, 2015
Severity: 3-Major

Symptoms

TMM fails to log any error messages when the SSL COMPAT stack fails to initialize successfully. This sort of failure causes the SSL profile as a whole to fail its initialization, and go into a pass-through mode. And there is *NO* error message to log this issue so it is difficult to debug.

Impact

The SSL profile will go into passthrough mode. There is no error message to log when the SSL COMPAT stack fails to initialize successfully.

Conditions

Configure an unsupported COMPAT cipher-suite like "COMPAT+DES-CBC-SHA".

Workaround

Avoid configuring profiles with unsupported cipher suites.

Fix Information

We will log the error message showing the reason of the failure when such issue happens.

Behavior Change