Bug ID 651067: SSL/TLS-based monitors now use ServerSSL profiles

Last Modified: Nov 22, 2021

Affected Product(s):
BIG-IP LTM(all modules)

Fixed In:

Opened: Mar 13, 2017

Severity: 3-Major


The configuration of SSL/TLS-based monitors might differ from how SSL/TLS is configured for other objects, such as SSL/TLS-based virtual servers.


Inconsistent configuration.


This applies to SSL/TLS-based monitors.



Fix Information

In this release, instead of specifying ciphers, certificates, keys, and SSL options via explicit parameters, an SSL-based monitor (HTTPS/TCP plus SSL) is configured with a ServerSSL Profile. This profile contain all of the necessary settings. The ciphers, certificates, and keys are directly analogous to the those in the previous method of monitor configuration. SSL/TLS options may be specified in a more fine-grained fashion than the previous method, which enabled all compatibility options, or disabled all of them.

Behavior Change

Previous versions of LTM monitors used explicit SSL/TLS settings for ciphers, certificates, and keys, as well as whether to enable compatibility options. In all prior releases, SSL options on HTTPS monitors were specified explicitly. With this change, HTTPS monitors get their SSL options from a named Server SSL Profile. The following options are retrieved from the profile: -- Cipher string or cipher group. -- Optional certificate and/or key. -- SSL Options. In prior releases, a compatibility flag could be enabled or disabled. When enabled, it turned on all SSL compatibility options; when disabled, all were turned off. With this change, individual SSL options can be specified in the profile.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips