Bug ID 854129: SSL monitor continues to send previously configured server SSL configuration after removal

Last Modified: Feb 07, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.0.0,,,,,, 14.0.1,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6, 16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,

Fixed In:
17.0.0,,, 14.1.5

Opened: Nov 28, 2019

Severity: 3-Major


After an SSL profile has been removed from a monitor, a monitor instance continues to use settings from the previously-configured server SSL profile, such as client certificate or ciphers or supported TLS versions.


The previously configured settings, such as certificate or cipher, continue to be used for monitoring pool members, which may result in unexpected health check behavior/pool member status.


-- In-TMM monitors enabled. -- SSL monitor configured with a server SSL profile. -- Setting the monitor's 'SSL Profile' parameter to 'none'.


An administrator can avoid this issue by ensuring the monitor's 'SSL Profile' parameter specifies a profile (i.e., is not 'none'). Note: In some software versions, changing a monitor's SSL profile from one profile to a different profile may not take effect. For information about this behavior, see https://cdn.f5.com/product/bugtracker/ID912425.html

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips