Bug ID 1148053: When client SSL profile has "cache-size 0", BIG-IP is unable to decrypt client-side traffic

Last Modified: Mar 08, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
16.1.0, 16.1.1, 16.1.2,,, 16.1.3,,,

Opened: Sep 08, 2022
Severity: 3-Major


When client SSL profile has "cache-size 0" the SSL functionality fails to include master-secret in the F5 Ethernet Trailers (f5ethtrailer), thus not being able to decrypt client-side traffic.


The "cache-size 0" indicates that BIG-IP do not memorize any session, TMM disables session reuse. No renegotiation is provided even it is enabled. No "session ID" should present during the SSL/TLS handshake.


Client SSL profile has "cache-size 0".


Use client SSL profile default cache size.

Fix Information


Behavior Change