Bug ID 897229: TLS session ticket resumption SNI check

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 14.1.2.5

Fixed In:
14.1.2.6

Opened: Apr 09, 2020

Severity: 3-Major

Symptoms

A TLS session ticket might be used for session resumption if the SNI does not match the original session ticket.

Impact

Session resumption might occur when the current session ticket extension SNI does not match session ticket SNI.

Conditions

-- TLS 1.2 or 1.3. -- Session ticket resumption. -- SNI does not match the original session ticket.

Workaround

None.

Fix Information

Session resumption with session ticket is now resumed only when the SNI matches the original session ticket.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips