Bug ID 635274: SSL::sessionid command may return invalid values

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
11.6.0, 11.6.1, 12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2

Fixed In:
13.0.0, 12.1.3, 11.6.2

Opened: Dec 21, 2016

Severity: 2-Critical

Related Article: K21514205

Symptoms

The SSL::sessionid iRule command might return random, invalid values. This also causes high CPU usage on TMM. The problem occurs when the SSL session ID retrieved from SSL is held on the stack and gets overwritten before it is used; the result is a persist lookup loop, which causes the high CPU usage. The SSL::sessionid iRule command is affected as well, because SSL::sessionid and SSL persistence use the same internal mechanism to retrieve the SSL session ID.

Impact

The iRule might not work as expected. High CPU usage.

Conditions

This issue occurs when either of the following conditions exists:
-- An iRule exists that queries the SSL::sessionid.
-- An SSL persist profile is configured on the virtual server.

Workaround

Do not use the SSL::sessionid iRule command.

Fix Information

The SSL::sessionid iRule command returns the session ID as expected.

Behavior Change
