Forum Discussion

Sankar_O's avatar
Sankar_O
Icon for Nimbostratus rankNimbostratus
Aug 02, 2021

Edit SSL Profile fails with "apiError":26214401

I am trying to edit a server-ssl profile via REST API to add options. The request fails with

HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

The same operation works well with TMOS shell. BIGIP version is Version   15.1.3

Any suggestions on what could possibly be wrong here?

 

3 Replies

  • Hit the same issue, it looks like the value returned from the API is different from what it will accept, if you replace the value with a list it should work:

    if profile["tmOptions"] == "{ dont-insert-empty-fragments no-tlsv1.3 }":

        profile["tmOptions"] = ["dont-insert-empty-fragments",  "no-tlsv1.3"]

    those values seem to be the default though, so they will be populated by the F5 if you strip them out. eg:

    profile.pop("tmOptions")

    the top option might break if the bug is fixed, but is the likely option if you are trying to use something other than the defaults.

    • xuwen's avatar
      xuwen
      Icon for Cumulonimbus rankCumulonimbus

      change string format

      "{ dont-insert-empty-fragments no-tlsv1.3 }"

      to list, work correct, thank you

      print debug result is:

      ['curl -k -X PATCH https://192.168.5.109:443/mgmt/tm/ltm/profile/client-ssl/~Common~test_gtmcisco/ -H \'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13\' -H \'Accept-Encoding: gzip, deflate\' -H \'Accept: */*\' -H \'Connection: keep-alive\' -H \'Content-Type: application/json\' -H \'Cookie: BIGIPAuthCookie=cjbkJ4F0Wl96Xku13oC3YLty8FVGcn7GgfJSNas7; BIGIPAuthUsernameCookie=admin\' -H \'Content-Length: 60\' -H \'Authorization: Basic YWRtaW46eHQzMjExMjMwMA==\' -d \'{"tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]}\'']
      
      Process finished with exit code 0
  • xuwen's avatar
    xuwen
    Icon for Cumulonimbus rankCumulonimbus

    i also find this problem, i use f5-sdk api to set a exists ssl profile named best-test2, and set its attribute sniDefault='true',i use update() fuction and its equals icontrolrest POST method, but i use modify() function and its equals icontrolrest PATCH method, it works correct

    but i find when i edit its attribute tmOptions,use update() or modify() function all failed, and raise this error:

    HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

    see bigip auit log i find it create this instructions

    modify ltm profile client-ssl /Common/bestpay-test2 { options "{ dont-insert-empty-fragments no-tlsv1.3 }" }
    the tmsh command extra " cause [Syntax Error: "{dont-insert-empty-fragments no-tlsv1.3}" 

    use api linux tmsh bash can solve this problem