Bug ID 930385: SSL filter does not re-initialize when an OCSP object is modified

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Fixed In:
17.1.0, 15.1.4, 14.1.3

Opened: Jul 23, 2020

Severity: 3-Major

Symptoms

Create an OCSP object using DNS resolver ns1, associate the OCSP object to SSL profile and a virtual. Then, modify the OCSP object to DNS resolver ns2. After the modification, wait for cache-timeout and cache-error-timeout and then connect to virtual again. The nameserver contacted is still ns1.

Impact

The wrong nameserver is used after modification to the OCSP object.

Conditions

An OCSP object is configured and modified.

Workaround

None

Fix Information

After the fix, the correct nameserver will be contacted after the OCSP object is modified.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips