Bug ID 892485: A wrong OCSP status cache may be looked up and re-used during SSL handshake.

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP LTM (all modules)

Known Affected Versions:
14.1.2, 14.1.3, 14.1.4, 15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5

Fixed In:

Opened: Mar 24, 2020

Severity: 3-Major


During a cache lookup, a wrong OCSP status entry is returned from SessionDB because the lookup uses a wrong input parameter: the certificate serial number. As a result, the wrong OCSP status is used in the SSL handshake.


A wrong OCSP status may be reported in the SSL handshake.


This occurs when an OCSP object is configured in a clientSSL or serverSSL profile.



Fix Information

After the fix, the correct OCSP status entry is returned and the SSL handshake continues with the correct OCSP status.
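The failure mode described above, with a defensive check on cache reuse, as an added example that is not F5 code. It assumes a cache indexed by serial number (the page does not describe the SessionDB layout); `OcspStatusCache`, `make_cert_id` and the sample certificates are hypothetical, and the CertID fields follow RFC 6960.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class CertID:
    """RFC 6960 CertID: names the certificate an OCSP status is about."""
    issuer_name_hash: bytes
    issuer_key_hash: bytes
    serial: int

@dataclass(frozen=True)
class OcspEntry:
    cert_id: CertID        # taken from the OCSP response, not from the caller
    status: str            # "good", "revoked" or "unknown"
    next_update: datetime  # response must not be reused at or after this time

def make_cert_id(issuer_name: bytes, issuer_key: bytes, serial: int) -> CertID:
    # SHA-256 is used here for the hashes; real responders often use SHA-1.
    return CertID(hashlib.sha256(issuer_name).digest(),
                  hashlib.sha256(issuer_key).digest(), serial)

class OcspStatusCache:
    def __init__(self):
        self._entries = {}   # assumed layout: serial number -> OcspEntry

    def store(self, key, entry: OcspEntry):
        self._entries[key] = entry

    def lookup(self, key, expected: CertID, now: datetime):
        """Return an entry only if it is about `expected` and still fresh."""
        entry = self._entries.get(key)
        if entry is None or entry.cert_id != expected:
            return None      # wrong key was passed in: treat as a cache miss
        if now >= entry.next_update:
            return None      # stale status: force a new OCSP query
        return entry

def demo():
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample data
    leaf_a = make_cert_id(b"CN=Example CA", b"ca-key", 0x1001)
    leaf_b = make_cert_id(b"CN=Example CA", b"ca-key", 0x1002)
    cache = OcspStatusCache()
    cache.store(leaf_a.serial, OcspEntry(leaf_a, "good", now + timedelta(hours=4)))
    cache.store(leaf_b.serial, OcspEntry(leaf_b, "revoked", now + timedelta(hours=4)))
    # The handshake is validating leaf B, but the lookup is handed A's serial.
    unguarded = cache._entries.get(leaf_a.serial)        # A's status, reused for B
    guarded = cache.lookup(leaf_a.serial, leaf_b, now)   # mismatch becomes a miss
    correct = cache.lookup(leaf_b.serial, leaf_b, now)   # right key, right entry
    return unguarded.status, guarded, correct.status
```

Comparing the cached entry's CertID with the certificate under validation turns a wrong-key lookup into a cache miss instead of a wrong status in the handshake.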

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips