Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Edit SSL Profile fails with "apiError":26214401

Sankar_O
Nimbostratus
Nimbostratus

‎02-Aug-2021 12:12 - last edited on ‎22-Nov-2022 15:01 by Fog

I am trying to edit a server-ssl profile via REST API to add options. The request fails with 

HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

The same operation works well with TMOS shell. BIGIP version is Version   15.1.3

Any suggestions on what could possibly be wrong here?

 

Labels:
0 Kudos
3 REPLIES 3

xuwen
MVP
MVP

‎26-Mar-2022 00:05 - edited ‎26-Mar-2022 00:12

i also find this problem, i use f5-sdk api to set a exists ssl profile named best-test2, and set its attribute sniDefault='true',i use update() fuction and its equals icontrolrest POST method, but i use modify() function and its equals icontrolrest PATCH method, it works correct

but i find when i edit its attribute tmOptions,use update() or modify() function all failed, and raise this error:

HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

see bigip auit log i find it create this instructions

modify ltm profile client-ssl /Common/bestpay-test2 { options "{ dont-insert-empty-fragments no-tlsv1.3 }" }
the tmsh command extra " cause [Syntax Error: "{dont-insert-empty-fragments no-tlsv1.3}" 

use api linux tmsh bash can solve this problem

0 Kudos

kmjmartin
Nimbostratus
Nimbostratus

‎28-Jul-2022 18:55

Hit the same issue, it looks like the value returned from the API is different from what it will accept, if you replace the value with a list it should work:

if profile["tmOptions"] == "{ dont-insert-empty-fragments no-tlsv1.3 }":

    profile["tmOptions"] = ["dont-insert-empty-fragments",  "no-tlsv1.3"]

those values seem to be the default though, so they will be populated by the F5 if you strip them out. eg:

profile.pop("tmOptions")

the top option might break if the bug is fixed, but is the likely option if you are trying to use something other than the defaults.

xuwen
MVP
MVP
In response to kmjmartin

‎28-Jul-2022 20:48 - edited ‎28-Jul-2022 20:54

change string format

"{ dont-insert-empty-fragments no-tlsv1.3 }"

to list, work correct, thank you

print debug result is:

['curl -k -X PATCH https://192.168.5.109:443/mgmt/tm/ltm/profile/client-ssl/~Common~test_gtmcisco/ -H \'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13\' -H \'Accept-Encoding: gzip, deflate\' -H \'Accept: */*\' -H \'Connection: keep-alive\' -H \'Content-Type: application/json\' -H \'Cookie: BIGIPAuthCookie=cjbkJ4F0Wl96Xku13oC3YLty8FVGcn7GgfJSNas7; BIGIPAuthUsernameCookie=admin\' -H \'Content-Length: 60\' -H \'Authorization: Basic YWRtaW46eHQzMjExMjMwMA==\' -d \'{"tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]}\'']

Process finished with exit code 0
0 Kudos
Copyright © 2023 Khoros, LLC