cancel
Showing results for 
Search instead for 
Did you mean: 

Edit SSL Profile fails with "apiError":26214401

Sankar_O
Nimbostratus
Nimbostratus

I am trying to edit a server-ssl profile via REST API to add options. The request fails with

HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

The same operation works well with TMOS shell. BIGIP version is Version   15.1.3

Any suggestions on what could possibly be wrong here?

 

3 REPLIES 3

xuwen
Cirrostratus
Cirrostratus

i also find this problem, i use f5-sdk api to set a exists ssl profile named best-test2, and set its attribute sniDefault='true',i use update() fuction and its equals icontrolrest POST method, but i use modify() function and its equals icontrolrest PATCH method, it works correct

but i find when i edit its attribute tmOptions,use update() or modify() function all failed, and raise this error:

HTTP 400 :: {"code":400,"message":"\"{ dont-insert-empty-fragments no-tlsv1.3 }\" unexpected argument","errorStack":[],"apiError":26214401}

see bigip auit log i find it create this instructions

modify ltm profile client-ssl /Common/bestpay-test2 { options "{ dont-insert-empty-fragments no-tlsv1.3 }" }
the tmsh command extra " cause [Syntax Error: "{dont-insert-empty-fragments no-tlsv1.3}" 

use api linux tmsh bash can solve this problem

kmjmartin
Nimbostratus
Nimbostratus

Hit the same issue, it looks like the value returned from the API is different from what it will accept, if you replace the value with a list it should work:

if profile["tmOptions"] == "{ dont-insert-empty-fragments no-tlsv1.3 }":

    profile["tmOptions"] = ["dont-insert-empty-fragments",  "no-tlsv1.3"]

those values seem to be the default though, so they will be populated by the F5 if you strip them out. eg:

profile.pop("tmOptions")

the top option might break if the bug is fixed, but is the likely option if you are trying to use something other than the defaults.

change string format

"{ dont-insert-empty-fragments no-tlsv1.3 }"

to list, work correct, thank you

print debug result is:

['curl -k -X PATCH https://192.168.5.109:443/mgmt/tm/ltm/profile/client-ssl/~Common~test_gtmcisco/ -H \'User-Agent: python-requests/2.26.0 f5-icontrol-rest-python/1.3.13\' -H \'Accept-Encoding: gzip, deflate\' -H \'Accept: */*\' -H \'Connection: keep-alive\' -H \'Content-Type: application/json\' -H \'Cookie: BIGIPAuthCookie=cjbkJ4F0Wl96Xku13oC3YLty8FVGcn7GgfJSNas7; BIGIPAuthUsernameCookie=admin\' -H \'Content-Length: 60\' -H \'Authorization: Basic YWRtaW46eHQzMjExMjMwMA==\' -d \'{"tmOptions": ["dont-insert-empty-fragments", "no-tlsv1.3"]}\'']

Process finished with exit code 0