CWall_333_32537
Apr 25, 2018Nimbostratus
extra serverssl profiles in the bigip.conf
Hello:
I recently discovered that 7 of our LTMs had a serverssl profile in the bigip.conf. (with additional options)
All the rest do not have any serverssl profile in the bigip.conf.
By default that profile is defined in the profile_base.conf.
There seem to be options that are added that I can't find in the GUI.
app-service none
expire-cert-response-control drop
generic-alert enabled
proxy-ssl disabled
renegotiation enabled
retain-certificate true
secure-renegotiation request
server-name none
session-ticket disabled
sni-default false
sni-require false
ssl-forward-proxy disabled
ssl-forward-proxy-bypass disabled
ssl-sign-hash any
untrusted-cert-response-control drop
I don't know how long they have been there, or why ... any thoughts ?
I am thinking we should remove them and get our overall environment configuration to be standard.