Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Sankar_O's avatar
Sankar_O
Icon for Nimbostratus rankNimbostratus
Aug 02, 2021

Edit SSL Profile fails with "apiError":26214401

I am trying to edit a server-ssl profile via REST API to add options. The request fails with HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument",...
big-ip
devops
LTM
ssl profile
kmjmartin's avatar
kmjmartin
Icon for Nimbostratus rankNimbostratus
Jul 28, 2022

Hit the same issue, it looks like the value returned from the API is different from what it will accept, if you replace the value with a list it should work:

if profile["tmOptions"] == "{ dont-insert-empty-fragments no-tlsv1.3 }":

    profile["tmOptions"] = ["dont-insert-empty-fragments",  "no-tlsv1.3"]

those values seem to be the default though, so they will be populated by the F5 if you strip them out. eg:

profile.pop("tmOptions")

the top option might break if the bug is fixed, but is the likely option if you are trying to use something other than the defaults.

  • xuwen's avatar
    xuwen
    Icon for Cumulonimbus rankCumulonimbus
    Jul 28, 2022

    change string format

    "{ dont-insert-empty-fragments no-tlsv1.3 }"

    to list, work correct, thank you

    print debug result is:

    ['curl -k -X PATCH https://192.168.5.109:443/mgmt/tm/ltm/profile/client-ssl/~Common~test_gtmcisco/ -H \'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13\' -H \'Accept-Encoding: gzip, deflate\' -H \'Accept: */*\' -H \'Connection: keep-alive\' -H \'Content-Type: application/json\' -H \'Cookie: BIGIPAuthCookie=cjbkJ4F0Wl96Xku13oC3YLty8FVGcn7GgfJSNas7; BIGIPAuthUsernameCookie=admin\' -H \'Content-Length: 60\' -H \'Authorization: Basic YWRtaW46eHQzMjExMjMwMA==\' -d \'{"tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]}\'']

Process finished with exit code 0