Bug ID 964673: CRL with duplicate entries is allowed to be uploaded, but later unable to pass traffic due to 'invalid profile'

Last Modified: Jan 20, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0,,,,,,,,, 13.1.1,,,,, 13.1.3,,,,,,, 13.1.4,, 13.1.5,, 14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,, 16.0.0,, 16.0.1,,

Opened: Nov 13, 2020
Severity: 3-Major


A CRL containing a duplicate entry is allowed to be uploaded and attached to a SSL profile (and later attached to a virtual server), causing the virtual server to not process traffic due to 'invalid profile'. A log such as below is seen on LTM logs: warning tmm1[3543]: 01260009:4: -> Connection error: hud_ssl_handler:1216: alert(40) invalid profile unknown on VIP /Common/vip-01 The 'invalid profile' message is seen in the LTM log but only after the CRL is attached to the SSL profile and the SSL profile attached to the virtual server, and not when initially uploading the CRL or attaching the CRL to the SSL profile.


Traffic disrupted on the virtual server.


CRL containing duplicate entry.


Don't upload a CRL containing duplicate entries.

Fix Information


Behavior Change