Bug ID 885789: Clicking 'Fix Automatically' on PCI Compliance page does not replace non-PCI-compliant-profile with complaint one on HTTP/2 virtual servers

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP ASM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.0.0,, 16.0.1,,

Fixed In:

Opened: Feb 27, 2020

Severity: 4-Minor


Clicking the 'Fix Automatically' button in the PCI Compliance page does not replace the insecure client SSL profile attached on an HTTP/2 virtual server, with a secure one. The compliance state shows as a red cross mark, indicating the virtual server to be noncompliant.


The provision for enhanced configuring does not function as expected for HTTP/2-based virtual servers.


-- Clicking the 'Fix Automatically' button on the PCI compliance page. -- A noncompliant PCI profile is attached to the HTTP/2 virtual server. -- A PCI-compliant, client SSL profile with renegotiation disabled is available in the SSL profiles.


Manually configure a PCI-compliant profile in SSL profiles, with renegotiation disabled, and attach it to the virtual server.

Fix Information

HTTP/2 virtual servers are now handled correctly on the PCI Compliance page.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips