Bug ID 756234: In SSL forward proxy, forged untrusted server certs are no longer cached.

Last Modified: Aug 24, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4

Opened: Jan 22, 2019
Severity: 2-Critical

Symptoms

Previously, SSL forward proxy cached forged server certs on the client side even if the server cert was untrusted. Now, SSL forward proxy does not cache the forged cert if the server cert is untrusted.

Impact

You might notice a performance impact compared with previous releases.

Conditions

SSL forward proxy is enabled and server cert is untrusted.

Workaround

None.

Fix Information

None

Behavior Change

Previously, SSL forward proxy cached forged server certs on the client side even if the server cert was untrusted. Now, SSL forward proxy does not cache the forged cert if the server cert is untrusted. As a result, you might notice slower performance in this release under these conditions.

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5 Networks, Inc. All rights reserved. Policies | Privacy | Trademarks