Bug ID 885789: Clicking 'Fix Automatically' on PCI Compliance page does not replace non-PCI-compliant-profile with complaint one on HTTP/2 virtual servers

Last Modified: Sep 23, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Feb 27, 2020
Severity: 4-Minor


Clicking the 'Fix Automatically' button in the PCI Compliance page does not replace the insecure client SSL profile attached on an HTTP/2 virtual server, with a secure one. The compliance state shows as a red cross mark, indicating the virtual server to be noncompliant.


The provision for enhanced configuring does not function as expected for HTTP/2-based virtual servers.


-- Clicking the 'Fix Automatically' button on the PCI compliance page. -- A noncompliant PCI profile is attached to the HTTP/2 virtual server. -- A PCI-compliant, client SSL profile with renegotiation disabled is available in the SSL profiles.


Manually configure a PCI-compliant profile in SSL profiles, with renegotiation disabled, and attach it to the virtual server.

Fix Information

HTTP/2 virtual servers are now handled correctly on the PCI Compliance page.

Behavior Change