Bug ID 1016921: SSL Connection mirroring - session resumption does not occur on standby when the session ticket is enabled

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4,,,,,,, 14.1.5,,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,

Fixed In:

Opened: May 07, 2021

Severity: 3-Major


Eight-second delays occur on traffic through an SSL connection mirroring virtual server, and errors occur on the standby device: crit tmm7[11598]: 01010025:2: Device error: crypto codec Couldn't create an OpenSSL EC group object OpenSSL error:0906D06C:PEM err tmm7[11598]: 01010282:3: Crypto codec error: sw_crypto-7 Couldn't initialize the elliptic curve parameters. crit tmm7[11598]: 01010025:2: Device error: crypto codec No codec available to initialize request context.


SSL traffic is significantly delayed and errors are thrown on the standby device.


All of these conditions: -- SSL connection mirroring enabled -- Session tickets are enabled -- High availability (HA) environment and one of the following: -- Running BIG-IP v14.1.4.1 or above (in the v14.1.x branch) or -- Engineering hotfix applied to v14.x/v15.x that has the ID760406 fix (see https://cdn.f5.com/product/bugtracker/ID760406.html)


Any one of the following could prevent the problem. -- client-ssl profile cache-size 0. -- client-ssl profile session-ticket disabled (default). -- disable SSL connection mirror on virtual server.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips