Bug ID 677841: Server SSL TLS session reuse with changed SNI uses incorrect session ID

Last Modified: Nov 07, 2022

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.0.0, 14.0.1

Fixed In:

Opened: Aug 09, 2017

Severity: 3-Major


If an iRule changes the SNI, the wrong session ID is retrieved (the lookup uses the original SNI).


The connection may be rejected by the client if checking is performed at the client (Apache commonly does this). If the client finds that the SNI does not match the SNI in the session information, the connection may be rejected.


Occurs when an iRule modifies the SNI to a value that is different from the one specified in the server SSL profile.


Disable SSL session cache. This has the side effect of reducing performance.
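
The failure mode and the workaround described above, as a small Python model. This is an added example, not F5 code: the class names, the hostnames and a cache keyed on the profile's SNI are assumptions made for illustration.

```python
# Illustrative model only; not BIG-IP internals. All names are assumptions.
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    session_id: str
    sni: str  # SNI the session was negotiated with


class Backend:
    """Server that checks the ClientHello SNI against the session's SNI."""

    def __init__(self) -> None:
        self.issued = 0

    def handshake(self, sni: str, offered: Optional[Session]) -> Optional[Session]:
        if offered is not None:
            # Resumption attempt: reject when the SNI does not match the session.
            return offered if offered.sni == sni else None
        self.issued += 1
        return Session(f"sid-{self.issued}", sni)  # full handshake


class ServerSideClient:
    """Server-SSL side whose session cache is keyed on the profile's SNI."""

    def __init__(self, profile_sni: str, cache_enabled: bool = True) -> None:
        self.profile_sni = profile_sni
        self.cache_enabled = cache_enabled
        self.cache: Dict[str, Session] = {}

    def connect(self, backend: Backend, irule_sni: Optional[str] = None) -> str:
        sent_sni = irule_sni or self.profile_sni
        # Modelled bug: the lookup uses the original SNI, not the one sent.
        offered = self.cache.get(self.profile_sni) if self.cache_enabled else None
        session = backend.handshake(sent_sni, offered)
        if session is None:
            return "rejected"
        if self.cache_enabled:
            self.cache[self.profile_sni] = session
        return "resumed" if offered is not None else "full"


if __name__ == "__main__":
    backend = Backend()
    client = ServerSideClient("app.example.com")  # constructed hostnames
    print([client.connect(backend), client.connect(backend),
           client.connect(backend, irule_sni="other.example.com")])
```

With `cache_enabled=False` every connection performs a full handshake, which is the performance cost the workaround mentions.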

Fix Information


Behavior Change
