Bug ID 1148053: When client SSL profile has "cache-size 0", BIG-IP is unable to decrypt client-side traffic

Last Modified: Feb 14, 2024

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,, 16.1.3,,,,,, 16.1.4,,

Opened: Sep 08, 2022

Severity: 3-Major


When client SSL profile has "cache-size 0" the SSL functionality fails to include master-secret in the F5 Ethernet Trailers (f5ethtrailer), thus not being able to decrypt client-side traffic.


The "cache-size 0" indicates that BIG-IP do not memorize any session, TMM disables session reuse. No renegotiation is provided even it is enabled. No "session ID" should present during the SSL/TLS handshake.


Client SSL profile has "cache-size 0".


Use client SSL profile default cache size.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips