Bug ID 659399: HTTPS monitors might share one SSL profile

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Fixed In:
13.1.0

Opened: Apr 19, 2017
Severity: 3-Major

Symptoms

Each HTTPS monitor has its own cert, key, cipherlist, compatibility, and partition attributes for SSL-related functionality. Depending on the configuration, hardware, and number of HTTPS monitors, rolling forward a configuration with a number of HTTPS monitors might impact performance, memory usage, capacity, and compatibility.

Impact

Potential impact on performance, memory usage, capacity, and compatibility as the roll-forward process creates each HTTPS monitor.

Conditions

These attributes of HTTPS monitors are of the same values: cert, key, cipherlist, compatibility, and partition, but occur in multiple HTTPS monitors.

Workaround

N/A

Fix Information

To streamline the number of SSL profiles when rolling forward HTTPS monitors, if multiple HTTPS monitors contain attributes (cert, key, cipherlist, compatibility, and partition), with the same values, the monitors with same-value attributes will share one SSL profile, instead of having multiple sets of attributes, one for each HTTPS monitor. Note: Although there are fewer SSL profiles, if you want to change any of these attributes for one specific HTTPS monitor, you might have to add an SSL profile for it.

Behavior Change

Original behavior: Each HTTPS monitor has its own cert, key, cipherlist, compatibility, and partition attributes for SSL-related functionality. New behavior: These SSL-related attributes are deprecated, and an SSL profile is created in lieu of those attributes. When rolling forward, instead of creating one SSL profile for each HTTPS monitor, one SSL profile will be shared by possibly many HTTPS monitors, if the specified attributes are of the same value.