Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
12.1.0
Opened: Oct 16, 2015 Severity: 3-Major
The session ticket key is generated once, on tmm startup, and then not regenerated again.
If the key is recovered other sessions could be exposed.
Session tickets are being used in a client-ssl profile
Do not use session tickets.
The session ticket key is now regenerated every three days, and the last two are kept.