Last Modified: Sep 14, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6
Fixed In:
15.0.0
Opened: Dec 05, 2018 Severity: 3-Major
Previously, SSL forward proxy cached forged server certs on the client side even if the server cert was untrusted. Now, SSL forward proxy does not cache the forged cert if the server cert is untrusted.
You might notice a performance impact compared with previous releases.
SSL forward proxy is enabled and server cert is untrusted.
None.
There is a behavior change: the system does not cache forged server certs if the cert is not trusted.
Previously, SSL forward proxy cached forged server certs on the client side even if the server cert was untrusted. Now, SSL forward proxy does not cache the forged cert if the server cert is untrusted. As a result, you might notice slower performance in this release under these conditions.