Forum Discussion

Sankar_O's avatar
Sankar_O
Icon for Nimbostratus rankNimbostratus
4 years ago

Edit SSL Profile fails with "apiError":26214401

I am trying to edit a server-ssl profile via REST API to add options. The request fails with HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument",...
big-ip
devops
LTM
ssl profile
kmjmartin's avatar
kmjmartin
Icon for Nimbostratus rankNimbostratus
3 years ago

Hit the same issue, it looks like the value returned from the API is different from what it will accept, if you replace the value with a list it should work:

if profile["tmOptions"] == "{ dont-insert-empty-fragments no-tlsv1.3 }":

    profile["tmOptions"] = ["dont-insert-empty-fragments",  "no-tlsv1.3"]

those values seem to be the default though, so they will be populated by the F5 if you strip them out. eg:

profile.pop("tmOptions")

the top option might break if the bug is fixed, but is the likely option if you are trying to use something other than the defaults.

xuwen's avatar
xuwen
Icon for Cumulonimbus rankCumulonimbus
3 years ago

change string format

"{ dont-insert-empty-fragments no-tlsv1.3 }"

to list, work correct, thank you

print debug result is:

['curl -k -X PATCH https://192.168.5.109:443/mgmt/tm/ltm/profile/client-ssl/~Common~test_gtmcisco/ -H \'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13\' -H \'Accept-Encoding: gzip, deflate\' -H \'Accept: */*\' -H \'Connection: keep-alive\' -H \'Content-Type: application/json\' -H \'Cookie: BIGIPAuthCookie=cjbkJ4F0Wl96Xku13oC3YLty8FVGcn7GgfJSNas7; BIGIPAuthUsernameCookie=admin\' -H \'Content-Length: 60\' -H \'Authorization: Basic YWRtaW46eHQzMjExMjMwMA==\' -d \'{"tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]}\'']

Process finished with exit code 0