Bug ID 977761: Connections are dropped if a certificate is revoked.

Last Modified: May 20, 2022


Affected Product:
BIG-IP LTM (all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1

Fixed In:
16.1.2.2

Opened: Jan 01, 2021
Severity: 3-Major

Symptoms

When BIG-IP acts as a reverse proxy, SSL handshakes fail if the backend server presents a revoked certificate.

Impact

SSL handshake failures due to a revoked server certificate.

Conditions

1. BIG-IP LTM is configured as an SSL reverse proxy.
2. revoked-cert-status-response-control is set to ignore in the server SSL profile.
3. Server certificate authentication is set to "require" in the server SSL profile.

Workaround

1. Set the server certificate authentication to ignore in the server SSL profile.

Fix Information

Added checks to validate the certificate as well as the flags set (ignore/drop) for the revoked certificate.

Behavior Change