Bug ID 576311: HTTP Strict Transport Security (HSTS) configuration error when no clientssl profile is present

Last Modified: Feb 27, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4

Fixed In:
13.0.0

Opened: Feb 25, 2016
Severity: 3-Major
Related AskF5 Article:
K41335027

Symptoms

A configuration error is encountered when creating or modifying a virtual server with HTTP profile and no "clientssl" (or derived) profile attached, when HTTP Strict Transport Security (HSTS) is enabled.

Impact

Error while configuring a virtual server with HTTP profile and no "clientssl" (or derived) profile attached, when HTTP Strict Transport Security (HSTS) is enabled.

Conditions

Creating or modifying a virtual server with HTTP profile and HTTP Strict Transport Security (HSTS) enabled, when no clientssl or derived profile is attached to the virtual server.

Workaround

Add a "clientssl" (or derived) profile to the virtual server with HTTP profile and HTTP Strict Transport Security (HSTS) enabled.

Fix Information

The system now provides validation of HTTP Strict Transport Security (HSTS) to require 'clientssl' (or derived) profile profile to a virtual server with HTTP profile and HTTP Strict Transport Security (HSTS) enabled.

Behavior Change