Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP SWG
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2
Fixed In:
12.0.0, 11.6.0 HF5
Opened: Mar 26, 2015 Severity: 3-Major Related Article:
K17137
When accessing HTTPS websites (via SWG) that present a certificate without a CN in the subject, a TMM crash occurs.
Traffic disrupted while tmm restarts.
SWG explicit or transparent proxy using Category Lookup in the per-request access policy with Subject.CN as input. The crash only happens when accessing a site that has no CN in the Certificate's subject - this is not a common condition.
Use Category lookup with SNI as input.
When Category Lookup is configured to use Subject.CN as input, if the certificate subject does not contain a CN, APM processes the error correctly by logging an error.