Guest

Preview Tool

Cisco Bug: CSCvs50575 - SEC-509-VALIDATE-3: FAILURES ON ASR9K

Last Modified

Sep 02, 2020

Products (3)

  • Cisco ASR 9000 Series Aggregation Services Routers
  • Cisco IOS XR Software
  • Cisco Network Convergence System 1001

Known Affected Releases

7.0.1.BASE

Description (partial)

Symptom:
1. TLS session gets established when basic constraints flag is not present in CA/SUB-CA certificate.
2. TLS session gets established when EKU is not used for the purpose it is supposed to be used for.

Conditions:
1. This problem can occur when user tries to establish TLS session over syslog with CA/SUB-CA certificate having basic constraints flags set to FALSE. 

2. This problem can occur when extended key usage(EKU) is set to purpose OCSPSigning during syslog over TLS connection establishment.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.