Symptoms
The system caches a forged certificate when Forward Proxy (FWDP) server-side soft_vfyresult shows an untrusted CA or an expired cert. There is no method of overriding that behavior.
Impact
No method to override the caching behavior.
Conditions
Using FWDP.
Server-side soft_vfyresult shows an untrusted CA or an expired cert.
Fix Information
In this release, you can configure SSL forward proxy to not cache the forged certificate on the client side if the server-side SSL enables the sys db variable tmm.ssl.servercert_softval and the backend server certificate soft verify_result showing a 'untrusted CA' or 'expired certificate'.
Behavior Change
In this release, you can configure SSL forward proxy to not cache the forged certificate on the client side if the server-side SSL enables the sys db variable tmm.ssl.servercert_softval and the backend server certificate soft verify_result showing a 'untrusted CA' or 'expired certificate'.
