Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Opened: Feb 17, 2015 Severity: 3-Major
Use of Category Lookup by Subject.CN in a reverse proxy configuration will result in a connection reset.
Category Lookup by Subject.CN cannot be used in per-request policies for reverse proxy use. This will require SSL profiles with SSL forward proxy deployed for correct operation.
Category Lookup by Subject.CN requires the configuration of SSL forward proxy. Without this in place, the Subject.CN cannot be retrieved for use with Category Lookup.
To work around the problem, you can use Category Lookup by SNI for equivalent functionality.
None