Bug ID 425420: Server-side SSL can reuse expired session IDs

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1

Fixed In:
11.5.0, 11.2.1 HF16

Opened: Jul 17, 2013

Severity: 3-Major

Related Article: K15440


Server side SSL might send a session ID that should have expired to the SSL server


Very minimal. This is only a problem when the cache timeout set on the server ssl profile is less than the timeout set on the SSL server.


Expiring SSL sessions



Fix Information

Server side SSL will no longer send expired session IDs to the server.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips