Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Espen_Wiborg_28's avatar
Espen_Wiborg_28
Icon for Nimbostratus rankNimbostratus
Apr 12, 2018

Resetting a profile attribute to "inherit from parent" using REST?

I cannot find a way to reset a single attribute of a profile (client ssl profile, if it matters) using REST. Specifically, I want to change the ciphers attribute from a manually overridden valu...
cloud
devops
iControlREST
LTM
Satoshi_Toyosa1's avatar
Satoshi_Toyosa1
Ret. Employee
Apr 18, 2018

You can specify 

default-value
just like the equivalent tmsh command (i.e., 
tmsh modify ltm profile client-ssl SatSSL ciphers default-value
).

For example (the profile name is SatSSL, inherited from 

clientssl
😞

Get the current ciphers:

 curl -sku admin:admin https://localhost/mgmt/tm/ltm/profile/client-ssl/SatSSL?\$select=ciphers
{"ciphers":"DEFAULT:!SSLv2"}

Modify the ciphers back to DEFAULT (response omitted):

 curl -sku admin:admin https://localhost/mgmt/tm/ltm/profile/client-ssl/SatSSL \
 -X PATCH -H "Content-type: application/json" \
 -d '{"ciphers":"default-value"}'

Verify:

curl -sku admin:admin https://localhost/mgmt/tm/ltm/profile/client-ssl/SatSSL?\$select=ciphers
{"ciphers":"DEFAULT"}
Boby_BC's avatar
Boby_BC
Icon for Nimbostratus rankNimbostratus
Oct 02, 2020

Hi,

unfortunately those does not work as requested.

I need exactly the same - my child client ssl profile needs to "inherit from parent" ciphers i.e. when i add a new cipher in the default profile, it will be received automatically from the child.

It seems that this is only possible via admin UI in a browser by uncheck the "Custom" checkbox for field Ciphers.

The tmsh command or REST PATCH request always sets a concrete value for the child profile. Thus when the parent is updated, the child will remain with the same value.

 

So the question is still valid and i hope that someone can find a proper solution ...

 

Best regards

Boby