Bug ID 997357: iRule command "SSL:session invalidate" not working as expected

Last Modified: Apr 21, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
16.0.0,, 16.0.1,,, 16.1.0, 16.1.1, 16.1.2,,

Opened: Feb 24, 2021
Severity: 4-Minor


The iRule command "SSL:session invalidate" allows session resumption to happen. Session resumption not supposed to occur when this iRule command is used in an iRule.


Session resumption would happen where the iRule is used with "SSL:session invalidate" included which is not supposed to occur


"SSL:session invalidate" is used in the iRule event HTTP_REQUEST


Session resumption should be disabled in SSL profiles

Fix Information


Behavior Change