Bug ID 911777: BIG-IP SSL forward proxy might drop connection to servers with revoked certificate status.

Last Modified: Mar 01, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP LTM, SSLO(all modules)

Known Affected Versions:
16.0.0,, 16.0.1,

Opened: May 26, 2020
Severity: 3-Major


If the server certificate status is revoked, SSL forward proxy configured with a new server SSL profile might drop the connection.


BIG-IP client connections are reset.


-- New SSL forward proxy server SSL profile is attached to the virtual server. -- Revoked-cert-status-response-control is set to the default value (drop). -- Certificate status service (e.g., CRL/OCSP) is configured on the server SSL profile.


Change revoked-cert-status-response-control to ignore on the server SSL profile.

Fix Information


Behavior Change