Bug ID 795025: Ssl_outerrecordtls1_0 config option is not honored

Last Modified: Sep 14, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 14.1.3, 14.1.3.1, 14.1.4, 14.1.4.1, 14.1.4.2, 14.1.4.3, 14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4

Fixed In:
15.1.0

Opened: Jun 18, 2019

Severity: 3-Major

Symptoms

Support for the Ssl_outerrecordtls1_0 config option was intentionally removed starting 14.1.0.1. The value TRUE is assumed irrespective of the actual configured value.

Impact

This option must be set to FALSE for the BIG-IP system to be able to communicate with a few non-compliant SSL servers. Communication with such servers fails otherwise.

Conditions

This occurs in normal operation.

Workaround

None.

Fix Information

Support for the config option has been added back.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips