Bug ID 507419: Category Lookup by Subject.CN cannot be used in Per-Request policies for reverse proxy use.

Last Modified: Jan 27, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Opened: Feb 17, 2015
Severity: 3-Major

Symptoms

Use of Category Lookup by Subject.CN in a reverse proxy configuration will result in a connection reset.

Impact

Category Lookup by Subject.CN cannot be used in per-request policies for reverse proxy use. This will require SSL profiles with SSL forward proxy deployed for correct operation.

Conditions

Category Lookup by Subject.CN requires the configuration of SSL forward proxy. Without this in place, the Subject.CN cannot be retrieved for use with Category Lookup.

Workaround

To work around the problem, you can use Category Lookup by SNI for equivalent functionality.

Fix Information

None

Behavior Change