Bug ID 930385: SSL filter does not re-initialize when an OCSP object is modified

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,

Fixed In:
15.1.4, 14.1.3

Opened: Jul 23, 2020
Severity: 3-Major


Create an OCSP object using DNS resolver ns1, associate the OCSP object to SSL profile and a virtual. Then, modify the OCSP object to DNS resolver ns2. After the modification, wait for cache-timeout and cache-error-timeout and then connect to virtual again. The nameserver contacted is still ns1.


The wrong nameserver is used after modification to the OCSP object.


An OCSP object is configured and modified.



Fix Information

After the fix, the correct nameserver will be contacted after the OCSP object is modified.

Behavior Change