Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM, LTM
Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5
Fixed In:
14.0.0, 13.1.0.6, 12.1.3.4
Opened: Oct 03, 2017 Severity: 3-Major
If you change the configuration of APM log settings, it might cause the SSL session cache to be reset. Also, subsequent resumption of SSL sessions may fail after such change causing a situation where full ssl handshakes may occur more frequently.
The change of APM log settings resets the SSL session cache, which causes the SSL session to initiate full-handshake instead of abbreviated re-negotiation.
-- Change the configuration of APM log settings. -- SSL session cache is not empty.
Follow this procedure: 1. Change access policy. 2. The status of that access policy changes to 'Apply Access Policy'. 3. Re-apply that.
The change of APM log settings now limits its effect on APM module instead of affecting other (SSL) module's data.