Bug ID 930385: SSL filter does not re-initialize when an OCSP object is modified

Last Modified: Nov 07, 2022


Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5, 14.1.2.6, 14.1.2.7, 14.1.2.8, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1

Fixed In:
15.1.4, 14.1.3

Opened: Jul 23, 2020
Severity: 3-Major

Symptoms

Create an OCSP object that uses DNS resolver ns1, and associate the OCSP object with an SSL profile and a virtual server. Then modify the OCSP object to use DNS resolver ns2. After the modification, wait for cache-timeout and cache-error-timeout to elapse, and then connect to the virtual server again. The nameserver contacted is still ns1.

Impact

The wrong nameserver is used after modification to the OCSP object.

Conditions

An OCSP object is configured and modified.

Workaround

None

Fix Information

After the fix, the correct nameserver will be contacted after the OCSP object is modified.

Behavior Change