Bug ID 669341: Category Lookup by Subject.CN will result in a reset

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP SWG(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:
12.1.3

Opened: Jun 15, 2017
Severity: 2-Critical

Symptoms

Category Lookup Agent is unable to find the Subject.CN, so it initiates an SSL Handshake failure. ==> /var/log/apm <== crit tmm[11181]: 01790602:2: [C] 10.20.100.1:11980 -> 10.11.10.101:443: (ERR_NOT_FOUND) Error processing URL Classification query from CatEngine

Impact

Cannot use Subject.CN as a data source for category lookup agent.

Conditions

Category Lookup agent configured to use Subject.CN. May also apply if a Category Lookup agent is configured to use SNI, but the client does not send an SNI, resulting in the agent trying to use the Subject.CN.

Workaround

None.

Fix Information

The category lookup agent is now able to find the Subject.CN.

Behavior Change