Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP (all modules)
Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4
Fixed In:
12.0.0, 11.6.0 HF5
Opened: Oct 29, 2014 Severity: 3-Major Related Article:
K65442255
Some of the OCSP responses that indicate an error (such as 'unauthorized' response from the responder) are cached indefinitely.
Responses are cached indefinitely.
Some of the OCSP responses that indicate an error (such as 'unauthorized' response from the responder).
The response can be deleted from the cache so as to obtain a new response. The new response will be cached based on whether it is valid, and whether the responder indicates an error.
Except when the responder sends a certificate-status 'revoked', or a response status 'signature required', the response is cached for the duration given by the 'cache-error-timeout' field.