Bug ID 977761: Connections are dropped if a certificate is revoked.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Fixed In:
17.1.0, 16.1.2.2

Opened: Jan 01, 2021

Severity: 3-Major

Symptoms

SSL handshake failures occur with the backend server revoked certificate in case of reverse proxy.

Impact

Ssl handshake failures due to revoked server certificate

Conditions

1. BIG-IP LTM configured as SSL reverse proxy. 2. revoked-cert-status-response-control set to ignore in the server ssl profile. 3. server certificate authentication set to "require" in the server ssl profile.

Workaround

1. Set the server certificate authentication to ignore in the server ssl profile.

Fix Information

Added checks to validate the certificate as well as the flags set (ignore/drop) for the revoked certificate.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips