Bug ID 686972: The change of APM log settings will reset the SSL session cache.

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP APM, LTM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5

Fixed In:
14.0.0, 13.1.0.6, 12.1.3.4

Opened: Oct 03, 2017
Severity: 3-Major

Symptoms

If you change the configuration of APM log settings, it might cause the SSL session cache to be reset. Also, subsequent resumption of SSL sessions may fail after such change causing a situation where full ssl handshakes may occur more frequently.

Impact

The change of APM log settings resets the SSL session cache, which causes the SSL session to initiate full-handshake instead of abbreviated re-negotiation.

Conditions

-- Change the configuration of APM log settings. -- SSL session cache is not empty.

Workaround

Follow this procedure: 1. Change access policy. 2. The status of that access policy changes to 'Apply Access Policy'. 3. Re-apply that.

Fix Information

The change of APM log settings now limits its effect on APM module instead of affecting other (SSL) module's data.

Behavior Change