Need value for session.ssl.cert.valid

Could simply be an mcpd validation error. What is the policy doing, and what happens if you try to remove the policy first, change the SSL profile, and then re-add the policy?

I was about to do exactly that, but I do not really know what this policy is doing, and I am afraid that I will not be able to re-add the policy :)

May I check something particular in the policy ?

Nothing looks out of the ordinary. So can you replicate this behavior on a "dummy" VIP so that you're not affecting production traffic?

Not at the moment nope, I will sync/backup the config on the inactive node, do the modifications (disable security policy, modify ssl profile, enable security policy), and if there is a problem I will sync with the old configuration on the inactive node

I disabled the security policy for the 4 virtual server we had:

But same behavior when I change the setting...

So I think this is not the problem, weird, any idea ?

I have a clue, but I guess I cannot fix this specifically, needs the whole upgrade... :)

https://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/related/relnote-supplement-bigip-14-0-0.htmlA674106

Ahhhh, you're talking about multiple client SSL profiles on the VIP (with different properties). I thought you were talking about some issue with client SSL and an ASM policy.

In that case, what you're experiencing is expected. All of the client SSL profiles on a VIP (until BIG-IP 14.0) must have the same attributes.