Bug ID 1148053: When client SSL profile has "cache-size 0", BIG-IP is unable to decrypt client-side traffic

Last Modified: Mar 08, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2, 16.1.3.3

Opened: Sep 08, 2022
Severity: 3-Major

Symptoms

When client SSL profile has "cache-size 0" the SSL functionality fails to include master-secret in the F5 Ethernet Trailers (f5ethtrailer), thus not being able to decrypt client-side traffic.

Impact

The "cache-size 0" indicates that BIG-IP do not memorize any session, TMM disables session reuse. No renegotiation is provided even it is enabled. No "session ID" should present during the SSL/TLS handshake.

Conditions

Client SSL profile has "cache-size 0".

Workaround

Use client SSL profile default cache size.

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5, Inc. All rights reserved. Policies | Privacy | Trademarks