Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS1.0 in Certificate Name does not convert properly #82

Closed
jrmann1999 opened this issue Mar 9, 2022 · 2 comments
Closed

TLS1.0 in Certificate Name does not convert properly #82

jrmann1999 opened this issue Mar 9, 2022 · 2 comments
Labels
bug Something isn't working jira Jira created for this issue
Milestone
1.19.1

Comments

@jrmann1999
Copy link

Environment

  • ACC Version: 1.18.0
  • AS3 Version: Latest
  • BIG-IP Version: 16.x

Summary

When doing an ACC conversion from bigip->AS3, if the certificate profile name has TLS1.0 in the name, it does not convert to AS3 (the declaration is missing from the VIP)

Steps To Reproduce

Steps to reproduce the behavior:

  1. Convert following config:
ltm virtual /WEB-GENERAL/API-PPMO.ASDF.COM_443 {
    description "CR854715 JPB 08/02/16"
    destination /WEB-GENERAL/10.22.198.138%836:443
    ip-protocol tcp
    mask 255.255.255.255
    pool /WEB-GENERAL/API-PPMO.ASDF.COM_8085
    profiles {
        /Common/ASDF.COM_WILDCARD_LATEST_NOTLS1.0 {
            context clientside
        }
        /Common/TCP_15MIN_IDLETIMEOUT { }
        /Common/http { }
    }
    rules {
        /Common/X-FORWARD-PROTO
        /Common/X-Forwarded-For
    }
    serverssl-use-sni disabled
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
}

ltm profile client-ssl /Common/ASDF.COM_WILDCARD_LATEST_NOTLS1.0 {
    app-service none
    cert /Common/ASDF.COM-07Jul22-170B.crt
    cert-key-chain {
        ASDF.COM_WILDCARD_PROPER_ENTRUST_BUNDLE {
            cert /Common/ASDF.COM-07Jul22-170B.crt
            chain /Common/PROPER_ENTRUST_BUNDLE.crt
            key /Common/ASDF.COM-07Jul22-170B.key
        }
    }
    chain /Common/PROPER_ENTRUST_BUNDLE.crt
    cipher-group none
    ciphers !EXPORT:!DH:!MD5:!SSLv3:!DTLSv1:ECDHE_ECDSA+AES-GCM:ECDHE_ECDSA+AES:ECDHE+AES-GCM:ECDHE+AES:ECDHE+RSA:RSA+AES-GCM:RSA+AES:!DHE:!3DES
    defaults-from /Common/clientssl
    inherit-ca-certkeychain true
    inherit-certkeychain false
    key /Common/ASDF.COM-07Jul22-170B.key
    options { dont-insert-empty-fragments no-tlsv1.3 no-tlsv1.1 no-tlsv1 }
    passphrase none
}
  1. Observe the following error message:
    No errors are present on the console (this was run through vscode)

Expected Behavior

I expect the SSL profile to attached to the VIP in the AS3 json file.

Actual Behavior

The SSL profile line is missing

Notes

Tested by renaming TLS1.0 to TLS10 and the conversion succeeds, the . in the 1.0 appears to be causing an issue in conversion
@jrmann1999 jrmann1999 added the bug Something isn't working label Mar 9, 2022
@p-semenov-f5
Copy link
Collaborator

p-semenov-f5 commented Mar 10, 2022
edited
Loading

Jira issue created

@p-semenov-f5 p-semenov-f5 added in progress jira Jira created for this issue labels Mar 10, 2022
@p-semenov-f5
Copy link
Collaborator

p-semenov-f5 commented Mar 21, 2022
edited
Loading

fixed in 1.19.1

@mdditt2000 mdditt2000 added this to the 1.19.1 milestone Mar 21, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working jira Jira created for this issue
Projects
None yet
Milestone
1.19.1
Development

No branches or pull requests
3 participants
@jrmann1999 @mdditt2000 @p-semenov-f5