f5-appsvcs-extension icon indicating copy to clipboard operation
f5-appsvcs-extension copied to clipboard

Published 20 hours ago verified publisher icon F5Networks

Issue with SSL Proxy feature in 3.38.0 Release.

Open devildog-tech opened this issue 3 years ago • 1 comments

It seems there is a bug with the Proxy SSL feature.

If you implement the below code you receive the following error.

{"changed": false, "msg": "declaration failed. 01071678:3: dont-insert-empty-fragments conflicts with Proxy SSL (both cannot be enabled) in profile /www.test.com/Shared/www.test.com_server_ssl."}

"www.test.com_server_ssl": {
    "clientCertificate": "www.test.com_certificate",
    "proxySslEnabled": true,
    "proxySslPassthroughEnabled": true,
    "remark": "TEST",
    "class": "TLS_Client"
},

If you implement the following code you receive even though "insertEmptyFragmentsEnabled" should be false by default the same error.

{"changed": false, "msg": "declaration failed. 01071678:3: dont-insert-empty-fragments conflicts with Proxy SSL (both cannot be enabled) in profile /www.test.com/Shared/www.test.com_server_ssl."}

"www.test.com_server_ssl": {
    "clientCertificate": "www.test.com_certificate",
    "proxySslEnabled": true,
    "proxySslPassthroughEnabled": true,
    "insertEmptyFragmentsEnabled": false,
    "remark": "TEST",
    "class": "TLS_Client"
},

The same issue appears in TLS_Server as well. I haven't found a way around it.

Originally posted by @devildog-tech in https://github.com/F5Networks/f5-appsvcs-extension/issues/601#issuecomment-1196146271

devildog-tech avatar Jul 27 '22 15:07 devildog-tech

Please resubmit this issue using one of the provided templates in order to help us better track your issue.

dstokesf5 avatar Aug 03 '22 18:08 dstokesf5