Operational Defect Database
BugZero found this defect 201 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
F5 | 1389033
In an iRule SSL::sessionid returns an empty value
Last update date:
5/17/2024
Affected products:
BIG-IP
BIG-IP Install/Upgrade
BIG-IP LTM
Affected releases:
15.1.9.1
15.1.10
15.1.10.2
15.1.10.3
15.1.10.4
16.1.0
16.1.1
16.1.2
16.1.2.1
16.1.2.2
16.1.3
16.1.3.1
Fixed releases:
No fixed releases provided.
Description:
Severity: 3-Major ... Symptoms ... The irule SSL::sessionid command used returns an empty value after an upgrade to v15.1.9.1, when used with a TLS1.3 session. ... While SSL::sessionid in v15.1.8.2 returns the value specified in the ClientHello for a TLSv1.3 session, upgrading to v15.1.9.1 results in empty values returned when calling SSL::sessionid. ... Impact ... SSL::sessionid returns an empty value, which could result in unintended behavior for applications that use that iRule command. ... Conditions ... 1. Use SSL::sessionid in an iRule 2.
