ssl::renegotiate changes SSL session ID and makes it impossible to resume?

When you call SSL::renegotiate, do you also by chance call SSL::authenticate with a value of "always", or not call it at all?

 

 

I've noticed that if you have the frequency set to "once" in the client SSL profile (the default setting), and you don't specify 'once' in your iRule, it will (sort of) behave as if always was selected (as in not storing session IDs across TCP sessions). In my testing, with 'SSL::authenticate once' in the iRule just before 'SSL::renegotiate', upon the server's HelloRequest message, the server will immediately send a new session ID that the client will honor. Without the 'once' setting, the session ID will disappear across TCP sessions.