Last Modified: Nov 07, 2022
Affected Product:
See more info
BIG-IP (all modules)
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
Fixed In:
12.0.0, 11.6.0 HF5
Opened: Oct 29, 2014
Severity: 3-Major
Related Article:
K65442255
Some of the OCSP responses that indicate an error (such as 'unauthorized' response from the responder) are cached indefinitely.
Responses are cached indefinitely.
Some of the OCSP responses that indicate an error (such as 'unauthorized' response from the responder).
The response can be deleted from the cache so as to obtain a new response. The new response will be cached based on whether it is valid, and whether the responder indicates an error.
Except when the responder sends a certificate-status 'revoked', or a response status 'signature required', the response is cached for the duration given by the 'cache-error-timeout' field.
