Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP SWG
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
Fixed In:
12.0.0, 11.6.0 HF5
Opened: Mar 26, 2015 Severity: 3-Major Related Article:
K17137
When accessing HTTPS websites (via SWG) that present a certificate without a CN in the subject, a TMM crash occurs.
Traffic disrupted while tmm restarts.
SWG explicit or transparent proxy using Category Lookup in the per-request access policy with Subject.CN as input. The crash only happens when accessing a site that has no CN in the Certificate's subject - this is not a common condition.
Use Category lookup with SNI as input.
When Category Lookup is configured to use Subject.CN as input, if the certificate subject does not contain a CN, APM processes the error correctly by logging an error.