Bug ID 451242: Secure client initiated renegotiation is enabled by default.

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.1, 11.6.2, 11.6.3,,,,, 11.6.4, 11.6.5,,,

Opened: Mar 05, 2014

Severity: 3-Major


In the clientssl profile, secure renegotiation is enabled by default. This has led some groups to believe the BIG-IP system is open to a DoS attack, which is not true.


There is no impact to this issue.


A default clientssl profile is used.


Since we already have a renegotiation limit, there is no DoS here. Alternately, one can disable secure renegotiation.

Fix Information


Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips