Bug ID 689561: HTTPS request hangs when multiple virtual https servers shares the same ip address

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP LTM(all modules)

Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0,,,,,

Fixed In:

Opened: Oct 19, 2017

Severity: 3-Major


SSL forward proxy reuses the server ssl session when client ip, server ip and server port matches the ssl session. when multiple virtual https servers share the same ip address, it could happen server ssl reuse a session previously from other virtual server. in such a situation, client cannot forge certificate and hangs the ssh handshake.


client cannot access some https web server.


multiple virtual https servers share the same ip address, and they internally share the ssl sessions. we saw it happens in several google domain.


A workaround is disabling the "Session Ticket" in the server ssl profile, since we do not support session id resumption in the server ssl, this will cause it do full handshake to web server every time, so server_certchain will not be NULL.

Fix Information

it matches the client ip, server ip and port as well as the server name in the SNI to the server ssl session cache. it will not reuse the sessions does not match virtual server name after the fix.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips