Bug ID 598052: SSL Forward Proxy "Cache Certificate by Addr-Port", cache lookup fails

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP All(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2

Fixed In:
13.0.0, 12.1.1

Opened: Jun 08, 2016
Severity: 2-Critical

Symptoms

When enabling the SSL Forward Proxy "Cache Certificate by Addr-Port" on the client SSL profile, later flows on cached certificate lookups by "Addr-Port" do not hit the cache.

Impact

The client side certificate lookup failed, it may trigger the server side SSL handshake.

Conditions

Enable SSL Forward Proxy and use "Cache certificate by Addr-Port".

Workaround

None

Fix Information

With this fix, the certificate lookup by "Addr-Port" may have a cache hit.

Behavior Change