Bug ID 854129: SSL monitor continues to send previously configured server SSL configuration after changes (removal/modification)

Last Modified: Nov 23, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 16.0.0, 16.0.0.1, 16.0.1

Opened: Nov 28, 2019
Severity: 3-Major

Symptoms

Monitor continues to send previously configured settings from the server SSL profile such as client certificate or cipher list after the SSL profile has been removed/modified from the monitor.

Impact

The previously configured settings, such as certificate or cipher, may continue to be transmitted to the server, resulting in node continuing to be marked up or down (respectively).

Conditions

-- In-TMM monitor configured. -- SSL monitor configured with a server SSL profile. -- Modification of the server SSL profile on the monitor.

Workaround

You can use either of the following workarounds: -- Disable and then re-enable the pool member. -- Restart tmm. Note: Using this option interrupts traffic. Traffic disrupted while tmm restarts.

Fix Information

None

Behavior Change