Bug ID 674106: Allow multiple client SSL profiles on a virtual server with different security requirements

Last Modified: May 01, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5

Fixed In:
14.0.0

Opened: Jul 14, 2017
Severity: 3-Major

Symptoms

When multiple client SSL profiles are attached to a virtual server, each must share the same ciphers, authenticate, authenticate depth, peer-cert mode, and, if peer-cert mode is require, CRL. Otherwise, the system posts an error similar to the following: 0107157c:3: Selected client SSL profiles do not match security policies for Virtual Server <vs-name>.

Impact

Error message. Cannot attach multiple, differing client SSL profile.

Conditions

1. Create two client SSL profiles, one of which requires client certificate and the other does not. 2. Try to assign these profile to the same virtual server.

Workaround

Assure that all client SSL profiles attached to a virtual share the same security attributes.

Fix Information

Now, each client SSL profile attached to a single virtual server can have different security settings.

Behavior Change