Bug ID 669341: Category Lookup by Subject.CN will result in a reset

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP SWG(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: Jun 15, 2017
Severity: 2-Critical


Category Lookup Agent is unable to find the Subject.CN, so it initiates an SSL Handshake failure. ==> /var/log/apm <== crit tmm[11181]: 01790602:2: [C] -> (ERR_NOT_FOUND) Error processing URL Classification query from CatEngine


Cannot use Subject.CN as a data source for category lookup agent.


Category Lookup agent configured to use Subject.CN. May also apply if a Category Lookup agent is configured to use SNI, but the client does not send an SNI, resulting in the agent trying to use the Subject.CN.



Fix Information

The category lookup agent is now able to find the Subject.CN.

Behavior Change