Configuration Loss of SSL Profiles When Upgrading from NetScaler 11.1 54.x to 12.0 41.x or 51.x

Configuration Loss of SSL Profiles When Upgrading from NetScaler 11.1 54.x to 12.0 41.x or 51.x

book

Article ID: CTX226077

calendar_today

Updated On:

Description

Secure implementation of session tickets is supported only in release 11.1 build 54.x. Configuration loss of SSL profiles will occur if you upgrade from release 11.1 build 54.x to release 12.0 build 41.x or 51.x, in any one of the following scenarios:

Scenario 1

  1. Your deployment uses an SSL profile.
  2. In the SSL profile, sessionTicket is enabled and one or more of the following new secure session ticket parameters have non-default values:
    1. sessionTicketKeyRefresh
    2. sessionTicketKeyData
    3. sessionKeyLifeTime
    4. prevSessionKeyLifeTime

Scenario 2

  1. Your deployment uses a custom SSL profile.
  2. In the SSL profile, sessionTicket is disabled.

Resolution

Scenario 1

There is no workaround for scenario 1; do not upgrade.

Scenario 2

Use the following workaround to avoid configuration loss during upgrade.

Workaround:
  1. Before upgrading, first enable and then disable sessionTicket. At the command prompt, type:
    set ssl profile <profile name> -sessionTicket ENABLED
    set ssl profile <profile name> -sessionTicket DISABLED
  2. Upgrade to release 12.0 build 41.x or 51.x.
This issue will be resolved in an upcoming release and you can find the details about the fix in the corresponding release notes.

Issue/Introduction

Configuration loss of SSL profiles will occur if you upgrade from release 11.1 build 54.x to release 12.0 build 41.x or 51.x.

Additional Information

For more information, refer to the IDs # 678514, 677813 under known issues section of NetScaler 12.0-51.24 Release Notes.

Powered by Wolken Software