Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6
Fixed In:
13.1.0, 13.0.0 HF1
Opened: Jan 12, 2017
Severity: 3-Major
The system caches a forged certificate when Forward Proxy (FWDP) server-side soft_vfyresult shows an untrusted CA or an expired cert. There is no method of overriding that behavior.
No method to override the caching behavior.
Using FWDP. Server-side soft_vfyresult shows an untrusted CA or an expired cert.
None.
In this release, you can configure SSL forward proxy to not cache the forged certificate on the client side if the server-side SSL enables the sys db variable tmm.ssl.servercert_softval and the backend server certificate soft verify_result shows an 'untrusted CA' or 'expired certificate'.