Operational Defect Database

BugZero found this defect 926 days ago.

F5 | 1056941

HTTPS monitor continues using cached TLS version after receiving fatal alert.

Last update date:

4/26/2024

Affected products:

BIG-IP

BIG-IP LTM

Affected releases:

15.1.0

15.1.0.1

15.1.0.2

15.1.0.3

15.1.0.4

15.1.0.5

15.1.1

15.1.2

15.1.2.1

15.1.3

15.1.3.1

15.1.4

Fixed releases:

No fixed releases provided.

Description:

Bug ID 1056941: HTTPS monitor continues using cached TLS version after receiving fatal alert.

Last Modified: Apr 26, 2024

Symptoms:

After an HTTPS monitor completes successfully, the TLS version is cached and used for subsequent monitor probes.

If the back end server TLS version changes between monitor polls and no longer allows the cached TLS version, the back end server correctly sends a fatal alert to the BIG-IP in response to the no longer allowed TLS version.

The BIG-IP will continue to use the cached, now prohibited, version in all subsequent probes resulting in a false down resource until the cached information is cleared on the BIG-IP.

Impact:

BIG-IP continues to send prohibited TLS version and reports the member as down.

Conditions:

ClientSSL profile is changed on backend BIG-IP device's virtual server, ...

Workaround:


Status

New
