Forum Discussion
NimbostratusHow to get client SSL profile to inerhit parent cipher suite in SNI config?
NacreousUse the tickbox, unticking any custom configuration for that cipher configuration field instead of erasing its current config. It should grey out and that's when it fetches the configuration from parent profile. If it doesn't, then you're facing a GUI misleading info bug. I recall this bug of misleading GUI information in clientssl profiles occurred after 10.2.4 to 11.5.x upgrades. It's unlikely this ever got fixed. The workaround solution is to configure inherit settings in TMSH (or /config/bigip.conf and loaded in). This needs to be done once for all clientssl profiles that have one or more parents.
NimbostratusAh ok, thanks. That seems to be it, so now I get the error "Selected client SSL profiles do not match security policies for Virtual Server /". So it goes back to the limitation since its SNI that all profiles have to be identical. Which is odd, should be a warning, click ok to proceed. Not completely stop me from doing it. Oh well, guess I will have to schedule some downtime for production in order to test with the test site...
