Bug ID 873173: SSL Forward Proxy does not mirror forged OCSP responses to session database on standby HA device

Last Modified: Feb 07, 2020

Affected Product:
BIG-IP LTM, SSLO (all modules)

Opened: Jan 28, 2020
Severity: 4-Minor

Symptoms

SSL Forward Proxy does not mirror forged OCSP responses to session database on the standby high availability (HA) device.

Impact

The OCSP Responder on the BIG-IP system is unable to respond to out-of-band OCSP requests right after a failover event occurs, before the SSL handshake is performed with the backend server.

Conditions

SSL forward proxy is configured in HA mode.

Workaround

OCSP responses are successful after the new active device performs an SSL handshake with the backend server; the device then re-forges and caches the server certificate and status.

Fix Information

None

Behavior Change