Last Modified: Nov 07, 2022
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3
Fixed In:
13.1.0, 13.0.1, 12.1.3
Opened: Jun 20, 2017
Severity: 1-Blocking
Forward proxy does not work correctly when the server certificates are ignored. SSL forward proxy does not create the server certchain when ignoring server certificates. This prevents the client side from trusting the server cert, so the SSL handshake hangs and fails after timeout.
The client cannot establish an SSL connection with the server because the SSL handshake always times out.
-- SSL forward proxy or SSL intercept is configured.
-- Ignore server certificate configured in the server SSL profile.
None.
The system now generates the server certchain (even when the server SSL profile ignores server certificates) and passes it to the client SSL, so that the client SSL can forge the cert and finish the SSL handshake.
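To find which server SSL profiles meet both conditions listed above on an affected release, the following added example (not F5 code) parses the text printed by `tmsh list ltm profile server-ssl all-properties` and reports profiles with `ssl-forward-proxy enabled` and `peer-cert-mode ignore`. The function names and the sample listing are constructed for illustration, and the check assumes the listing shows every property explicitly.

```python
import re

# "Known Affected Versions" copied from the record above.
AFFECTED = set((
    "12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, "
    "12.1.2 HF1, 12.1.2 HF2, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3").split(", "))
HEADER = re.compile(r"^ltm profile server-ssl (\S+) \{\s*$")

def parse_server_ssl(listing):
    """Return {profile: {property: value}}, top-level properties only."""
    profiles, name, depth = {}, None, 0
    for line in listing.splitlines():
        stripped = line.strip()
        header = HEADER.match(line) if depth == 0 else None
        if header:
            name, depth = header.group(1), 1
            profiles[name] = {}
            continue
        # Record "key value" lines; skip openers of nested multi-line blocks.
        if depth == 1 and stripped and stripped != "}" and not stripped.endswith("{"):
            key, _, value = stripped.partition(" ")
            profiles[name][key] = value
        depth += stripped.count("{") - stripped.count("}") if depth else 0
    return profiles

def exposed_profiles(version, listing):
    """Profiles meeting both listed conditions on an affected release."""
    if " ".join(version.split()) not in AFFECTED:
        return []
    return sorted(
        name for name, props in parse_server_ssl(listing).items()
        if props.get("ssl-forward-proxy") == "enabled"
        and props.get("peer-cert-mode") == "ignore"
    )

# Constructed sample, trimmed to the properties that matter here.
SAMPLE = """\
ltm profile server-ssl fwd_ignore {
    options { dont-insert-empty-fragments }
    peer-cert-mode ignore
    ssl-forward-proxy enabled
}
ltm profile server-ssl fwd_require {
    peer-cert-mode require
    ssl-forward-proxy enabled
}
ltm profile server-ssl plain_ignore {
    peer-cert-mode ignore
    ssl-forward-proxy disabled
}
"""
```

Calling `exposed_profiles("12.1.2 HF1", SAMPLE)` returns only `fwd_ignore`; on a fixed release such as 13.1.0 the result is empty.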