Bug ID 707246: TMM would crash if SSL Client profile could not load cert-key-chain successfully

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6

Opened: Feb 20, 2018
Severity: 2-Critical

Symptoms

TMM would crash if SSL Client profile could not load cert-key-chain successfully, and SSL is working in the fwd-proxy-mode.

Impact

Traffic disrupted while tmm restarts.

Conditions

1. SSL is working in the fwd-proxy-mode. 2. SSL could not load the cert-key-chain in the clientssl profile successfully. There could be couple of reasons: 2.1.We fail to configure the password required by the cert-key-chain. 2.2.Configured cert-key-chain type is not supported. 2.3.cert-key-chain name is incorrect.

Workaround

Configure the cert-key-chain in the clientssl profile correctly.

Fix Information

If we fail to load the cert-key-chain in the clientssl profile, and ssl is working in the fwd-proxy-mode, we will mark the corresponding ssl clientssl profile as invalid, then we will not accept the incoming SSL handshake destined to this profile.

Behavior Change